Fix RFC num.

Update STATUS.
Fix warning.
2009-04-21 15:42:01 +00:00 · 2009-04-21 15:19:15 +00:00 · 2009-04-21 15:11:59 +00:00 · 2009-04-21 15:02:20 +00:00 · 2009-04-21 14:58:57 +00:00 · 2009-04-19 18:03:13 +00:00
132 changed files with 1326 additions and 629 deletions
--- a/24
+++ b/24
@@ -4,6 +4,27 @@

 Changes between 0.9.8k and 1.0  [xx XXX xxxx]

+  *) Add "missing" function EVP_MD_flags() (without this the only way to
+     retrieve a digest flags is by accessing the structure directly. Update
+     EVP_MD_do_all*() and EVP_CIPHER_do_all*() to include the name a digest
+     or cipher is registered as in the "from" argument. Print out all
+     registered digests in the dgst usage message instead of manually 
+     attempting to work them out.
+     [Steve Henson]
+
+  *) If no SSLv2 ciphers are used don't use an SSLv2 compatible client hello:
+     this allows the use of compression and extensions. Change default cipher
+     string to remove SSLv2 ciphersuites. This effectively avoids ancient SSLv2
+     by default unless an application cipher string requests it.
+     [Steve Henson]
+
+  *) Alter match criteria in PKCS12_parse(). It used to try to use local
+     key ids to find matching certificates and keys but some PKCS#12 files
+     don't follow the (somewhat unwritten) rules and this strategy fails.
+     Now just gather all certificates together and the first private key
+     then look for the first certificate that matches the key.
+     [Steve Henson]
+
  *) Support use of registered digest and cipher names for dgst and cipher
     commands instead of having to add each one as a special case. So now
     you can do:
@@ -765,6 +786,9 @@

 Changes between 0.9.8k and 0.9.8l  [xx XXX xxxx]

+  *) Handle non-blocking I/O properly in SSL_shutdown() call.
+     [Darryl Miles <darryl-mailinglists@netbauds.net>]
+
  *) Add 2.5.4.* OIDs
     [Ilya O. <vrghost@gmail.com>]

--- a/CHANGES.SSLeay
+++ b/CHANGES.SSLeay
@@ -148,7 +148,7 @@ eric (about to go bushwalking for the 4 day easter break :-)
      This would tend to cause memory overwrites since SSLv3 has
      a maximum packet size of 16k.  If your program uses
      buffers <= 16k, you would probably never see this problem.
-    - Fixed a new errors that were cause by malloc() not returning
+    - Fixed a few errors that were cause by malloc() not returning
      0 initialised memory..
    - SSL_OP_NETSCAPE_CA_DN_BUG was being switched on when using
      SSL_CTX_set_options(ssl_ctx,SSL_OP_ALL); which was a bad thing
--- a/11
+++ b/11
@@ -496,7 +496,7 @@ my %table=(
 "BC-32","bcc32::::WIN32::BN_LLONG DES_PTR RC4_INDEX EXPORT_VAR_AS_FN:${no_asm}:win32",

 # MinGW
-"mingw", "gcc:-mno-cygwin -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall:::MINGW32:-lws2_32 -lgdi32:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts} EXPORT_VAR_AS_FN:${x86_asm}:coff:win32:cygwin-shared:-D_WINDLL -DOPENSSL_USE_APPLINK:-mno-cygwin:.dll.a",
+"mingw", "gcc:-mno-cygwin -DL_ENDIAN -DOPENSSL_NO_CAPIENG -fomit-frame-pointer -O3 -march=i486 -Wall:::MINGW32:-lws2_32 -lgdi32:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts} EXPORT_VAR_AS_FN:${x86_asm}:coff:win32:cygwin-shared:-D_WINDLL -DOPENSSL_USE_APPLINK:-mno-cygwin:.dll.a",
 # As for OPENSSL_USE_APPLINK. Applink makes it possible to use .dll
 # compiled with one compiler with application compiled with another
 # compiler. It's possible to engage Applink support in mingw64 build,
@@ -1218,7 +1218,14 @@ if ($zlib)
 	$cflags = "-DZLIB $cflags";
 	if (defined($disabled{"zlib-dynamic"}))
 		{
-		$lflags = "$lflags -lz";
+		if (defined($withargs{"zlib-lib"}))
+			{
+			$lflags = "$lflags -L" . $withargs{"zlib-lib"} . " -lz";
+			}
+		else
+			{
+			$lflags = "$lflags -lz";
+			}
 		}
 	else
 		{
--- a/Makefile.org
+++ b/Makefile.org
@@ -188,6 +188,7 @@ BUILDENV=	PLATFORM='$(PLATFORM)' PROCESSOR='$(PROCESSOR)' \
 		MAKEDEPPROG='$(MAKEDEPPROG)'			\
 		SHARED_LDFLAGS='$(SHARED_LDFLAGS)'		\
 		KRB5_INCLUDES='$(KRB5_INCLUDES)' LIBKRB5='$(LIBKRB5)'	\
+		ZLIB_INCLUDE='$(ZLIB_INCLUDE)' LIBZLIB='$(LIBZLIB)'	\
 		EXE_EXT='$(EXE_EXT)' SHARED_LIBS='$(SHARED_LIBS)'	\
 		SHLIB_EXT='$(SHLIB_EXT)' SHLIB_TARGET='$(SHLIB_TARGET)'	\
 		PEX_LIBS='$(PEX_LIBS)' EX_LIBS='$(EX_LIBS)'	\
@@ -403,8 +404,8 @@ test:   tests

 tests: rehash
 	@(cd test && echo "testing..." && \
-	$(CLEARENV) && $(MAKE) -e $(BUILDENV) TOP=.. TESTS='$(TESTS)' OPENSSL_DEBUG_MEMORY=on tests );
-	util/opensslwrap.sh version -a
+	$(CLEARENV) && $(MAKE) -e $(BUILDENV) TOP=.. TESTS='$(TESTS)' OPENSSL_DEBUG_MEMORY=on OPENSSL_CONF=../apps/openssl.cnf tests );
+	OPENSSL_CONF=apps/openssl.cnf util/opensslwrap.sh version -a

 report:
 	@$(PERL) util/selftest.pl
@@ -579,7 +580,7 @@ install_html_docs:
 				grep -v $$filecase "^$$fn\$$" | \
 				(cd $(INSTALL_PREFIX)$(HTMLDIR)/$$subdir; \
 				 while read n; do \
-					$$here/util/point.sh $$fn.$(HTMLSUFFIX) "$$n".$(HTMLSUFFIX); \
+					PLATFORM=$(PLATFORM) $$here/util/point.sh $$fn.$(HTMLSUFFIX) "$$n".$(HTMLSUFFIX); \
 				 done); \
 		done; \
 	done
@@ -610,7 +611,7 @@ install_docs:
 			(grep -v "[	]"; true) | \
 			(cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \
 			 while read n; do \
-				$$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \
+				PLATFORM=$(PLATFORM) $$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \
 			 done); \
 	done; \
 	set -e; for i in doc/crypto/*.pod doc/ssl/*.pod; do \
@@ -627,7 +628,7 @@ install_docs:
 			(grep -v "[	]"; true) | \
 			(cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \
 			 while read n; do \
-				$$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \
+				PLATFORM=$(PLATFORM) $$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \
 			 done); \
 	done

--- a/3
+++ b/3
@@ -11,7 +11,7 @@
      o RFC3280 path validation: sufficient to process PKITS tests.
      o Integrated support for PVK files and keyblobs.
      o Change default private key format to PKCS#8.
-      o CMS support: able to process all examples in RFCXXXX
+      o CMS support: able to process all examples in RFC4134
      o Streaming ASN1 encode support for PKCS#7 and CMS.
      o Multiple signer and signer add support for PKCS#7 and CMS.
      o ASN1 printing support.
@@ -27,6 +27,7 @@
      o ecdsa-with-SHA224/256/384/512 signature types.
      o dsa-with-SHA224 and dsa-with-SHA256 signature types.
      o Opaque PRF Input TLS extension support.
+      o Updated time routines to avoid OS limitations.

  Major changes between OpenSSL 0.9.8j and OpenSSL 0.9.8k:

--- a/2
+++ b/2
@@ -1,5 +1,5 @@

- OpenSSL 1.0.0-dev XX xxx XXXX
+ OpenSSL 1.0.0-beta2 21 Apr 2009

 Copyright (c) 1998-2008 The OpenSSL Project
 Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
--- a/5
+++ b/5
@@ -1,10 +1,11 @@

  OpenSSL STATUS                           Last modified at
-  ______________                           $Date: 2009/03/30 11:33:03 $
+  ______________                           $Date: 2009/04/21 15:19:15 $

  DEVELOPMENT STATE

-    o  OpenSSL 1.0:  Under development...
+    o  OpenSSL 1.0.0-beta2: Released on April 21st, 2009
+    o  OpenSSL 1.0.0-beta1: Released on April 1st, 2009
    o  OpenSSL 0.9.8h: Released on May       28th, 2008
    o  OpenSSL 0.9.8g: Released on October   19th, 2007
    o  OpenSSL 0.9.8f: Released on October   11th, 2007
--- a/4
+++ b/4
@@ -1366,7 +1366,7 @@ $multilib     =

 *** debug-ben-debug
 $cc           = gcc
-$cflags       = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe
+$cflags       = -Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -DOPENSSL_NO_DEPRECATED -DBN_DEBUG -DCONF_DEBUG -DBN_CTX_DEBUG -DDEBUG_SAFESTACK -g3 -O2 -pipe
 $unistd       = 
 $thread_cflag = (unknown)
 $sys_id       = 
@@ -3691,7 +3691,7 @@ $multilib     = 64

 *** mingw
 $cc           = gcc
-$cflags       = -mno-cygwin -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall
+$cflags       = -mno-cygwin -DL_ENDIAN -DOPENSSL_NO_CAPIENG -fomit-frame-pointer -O3 -march=i486 -Wall
 $unistd       = 
 $thread_cflag = 
 $sys_id       = MINGW32
--- a/apps/apps.c
+++ b/apps/apps.c
@@ -259,13 +259,6 @@ int str2fmt(char *s)
 		return(FORMAT_ASN1);
 	else if ((*s == 'T') || (*s == 't'))
 		return(FORMAT_TEXT);
-	else if ((*s == 'P') || (*s == 'p'))
- 		{
- 		if (s[1] == 'V' || s[1] == 'v')
- 			return FORMAT_PVK;
- 		else
-  			return(FORMAT_PEM);
- 		}
  	else if ((*s == 'N') || (*s == 'n'))
  		return(FORMAT_NETSCAPE);
  	else if ((*s == 'S') || (*s == 's'))
@@ -278,6 +271,13 @@ int str2fmt(char *s)
 		return(FORMAT_PKCS12);
 	else if ((*s == 'E') || (*s == 'e'))
 		return(FORMAT_ENGINE);
+	else if ((*s == 'P') || (*s == 'p'))
+ 		{
+ 		if (s[1] == 'V' || s[1] == 'v')
+ 			return FORMAT_PVK;
+ 		else
+  			return(FORMAT_PEM);
+ 		}
 	else
 		return(FORMAT_UNDEF);
 	}
--- a/apps/cms.c
+++ b/apps/cms.c
@@ -704,7 +704,7 @@ int MAIN(int argc, char **argv)

 		if (secret_key && !secret_keyid)
 			{
-			BIO_printf(bio_err, "No sectre key id\n");
+			BIO_printf(bio_err, "No secret key id\n");
 			goto end;
 			}

--- a/apps/dgst.c
+++ b/apps/dgst.c
@@ -79,6 +79,26 @@ int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
 	  const char *sig_name, const char *md_name,
 	  const char *file,BIO *bmd);

+static void list_md_fn(const EVP_MD *m,
+			const char *from, const char *to, void *arg)
+	{
+	const char *mname;
+	/* Skip aliases */
+	if (!m)
+		return;
+	mname = OBJ_nid2ln(EVP_MD_type(m));
+	/* Skip shortnames */
+	if (strcmp(from, mname))
+		return;
+	/* Skip clones */
+	if (EVP_MD_flags(m) & EVP_MD_FLAG_PKEY_DIGEST)
+		return;
+	if (strchr(mname, ' '))
+		mname= EVP_MD_name(m);
+	BIO_printf(arg, "-%-14s to use the %s message digest algorithm\n",
+			mname, mname);
+	}
+
 int MAIN(int, char **);

 int MAIN(int argc, char **argv)
@@ -249,43 +269,17 @@ int MAIN(int argc, char **argv)
 		BIO_printf(bio_err,"-verify file    verify a signature using public key in file\n");
 		BIO_printf(bio_err,"-prverify file  verify a signature using private key in file\n");
 		BIO_printf(bio_err,"-keyform arg    key file format (PEM or ENGINE)\n");
+		BIO_printf(bio_err,"-out filename   output to filename rather than stdout\n");
 		BIO_printf(bio_err,"-signature file signature to verify\n");
 		BIO_printf(bio_err,"-sigopt nm:v    signature parameter\n");
 		BIO_printf(bio_err,"-hmac key       create hashed MAC with key\n");
+		BIO_printf(bio_err,"-mac algorithm  create MAC (not neccessarily HMAC)\n"); 
+		BIO_printf(bio_err,"-macopt nm:v    MAC algorithm parameters or key\n");
 #ifndef OPENSSL_NO_ENGINE
 		BIO_printf(bio_err,"-engine e       use engine e, possibly a hardware device.\n");
 #endif

-		BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm (default)\n",
-			LN_md5,LN_md5);
-		BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n",
-			LN_md4,LN_md4);
-		BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n",
-			LN_md2,LN_md2);
-#ifndef OPENSSL_NO_SHA
-		BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n",
-			LN_sha1,LN_sha1);
-#ifndef OPENSSL_NO_SHA256
-		BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n",
-			LN_sha224,LN_sha224);
-		BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n",
-			LN_sha256,LN_sha256);
-#endif
-#ifndef OPENSSL_NO_SHA512
-		BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n",
-			LN_sha384,LN_sha384);
-		BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n",
-			LN_sha512,LN_sha512);
-#endif
-#endif
-		BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n",
-			LN_mdc2,LN_mdc2);
-		BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n",
-			LN_ripemd160,LN_ripemd160);
-#ifndef OPENSSL_NO_WHIRLPOOL
-		BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n",
-			SN_whirlpool,SN_whirlpool);
-#endif
+		EVP_MD_do_all_sorted(list_md_fn, bio_err);
 		goto end;
 		}

--- a/apps/genrsa.c
+++ b/apps/genrsa.c
@@ -105,9 +105,9 @@ int MAIN(int argc, char **argv)
 	char *inrand=NULL;
 	BIO *out=NULL;
 	BIGNUM *bn = BN_new();
-	RSA *rsa = RSA_new();
+	RSA *rsa = NULL;

-	if(!bn || !rsa) goto err;
+	if(!bn) goto err;

 	apps_startup();
 	BN_GENCB_set(&cb, genrsa_cb, bio_err);
@@ -266,6 +266,10 @@ bad:
 	BIO_printf(bio_err,"Generating RSA private key, %d bit long modulus\n",
 		num);

+	rsa = RSA_new();
+	if (!rsa)
+		goto err;
+
 	if(!BN_set_word(bn, f4) || !RSA_generate_key_ex(rsa, num, bn, &cb))
 		goto err;
 		
--- a/apps/ocsp.c
+++ b/apps/ocsp.c
@@ -62,6 +62,8 @@
 				   on OpenVMS */
 #endif

+#define USE_SOCKETS
+
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
--- a/apps/openssl-vms.cnf
+++ b/apps/openssl-vms.cnf
@@ -231,7 +231,7 @@ keyUsage = nonRepudiation, digitalSignature, keyEncipherment

 subjectKeyIdentifier=hash

-authorityKeyIdentifier=keyid:always,issuer:always
+authorityKeyIdentifier=keyid:always,issuer

 # This is what PKIX recommends but some broken software chokes on critical
 # extensions.
@@ -264,7 +264,7 @@ basicConstraints = CA:true
 # Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.

 # issuerAltName=issuer:copy
-authorityKeyIdentifier=keyid:always,issuer:always
+authorityKeyIdentifier=keyid:always

 [ proxy_cert_ext ]
 # These extensions should be added when creating a proxy certificate
@@ -297,7 +297,7 @@ nsComment			= "OpenSSL Generated Certificate"

 # PKIX recommendations harmless if included in all certificates.
 subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer:always
+authorityKeyIdentifier=keyid,issuer

 # This stuff is for subjectAltName and issuerAltname.
 # Import the email address.
--- a/apps/openssl.cnf
+++ b/apps/openssl.cnf
@@ -231,7 +231,7 @@ keyUsage = nonRepudiation, digitalSignature, keyEncipherment

 subjectKeyIdentifier=hash

-authorityKeyIdentifier=keyid:always,issuer:always
+authorityKeyIdentifier=keyid:always,issuer

 # This is what PKIX recommends but some broken software chokes on critical
 # extensions.
@@ -264,7 +264,7 @@ basicConstraints = CA:true
 # Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.

 # issuerAltName=issuer:copy
-authorityKeyIdentifier=keyid:always,issuer:always
+authorityKeyIdentifier=keyid:always

 [ proxy_cert_ext ]
 # These extensions should be added when creating a proxy certificate
@@ -297,7 +297,7 @@ nsComment			= "OpenSSL Generated Certificate"

 # PKIX recommendations harmless if included in all certificates.
 subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer:always
+authorityKeyIdentifier=keyid,issuer

 # This stuff is for subjectAltName and issuerAltname.
 # Import the email address.
--- a/apps/pkeyparam.c
+++ b/apps/pkeyparam.c
@@ -179,7 +179,7 @@ int MAIN(int argc, char **argv)
 	pkey = PEM_read_bio_Parameters(in, NULL);
 	if (!pkey)
 		{
-		BIO_printf(bio_err, "Error reading paramters\n");
+		BIO_printf(bio_err, "Error reading parameters\n");
 		ERR_print_errors(bio_err);
 		goto end;
 		}
--- a/apps/pkeyutl.c
+++ b/apps/pkeyutl.c
@@ -390,7 +390,7 @@ static void usage()
 	BIO_printf(bio_err, "Usage: pkeyutl [options]\n");
 	BIO_printf(bio_err, "-in file        input file\n");
 	BIO_printf(bio_err, "-out file       output file\n");
-	BIO_printf(bio_err, "-signature file signature file (verify operation only)\n");
+	BIO_printf(bio_err, "-sigfile file signature file (verify operation only)\n");
 	BIO_printf(bio_err, "-inkey file     input key\n");
 	BIO_printf(bio_err, "-keyform arg    private key format - default PEM\n");
 	BIO_printf(bio_err, "-pubin          input is a public key\n");
--- a/apps/req.c
+++ b/apps/req.c
@@ -365,11 +365,6 @@ int MAIN(int argc, char **argv)
 			serial = s2i_ASN1_INTEGER(NULL, *(++argv));
 			if (!serial) goto bad;
 			}
-		else if ((md_alg=EVP_get_digestbyname(&((*argv)[1]))) != NULL)
-			{
-			/* ok */
-			digest=md_alg;
-			}
 		else if (strcmp(*argv,"-extensions") == 0)
 			{
 			if (--argc < 1) goto bad;
@@ -380,6 +375,11 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1) goto bad;
 			req_exts = *(++argv);
 			}
+		else if ((md_alg=EVP_get_digestbyname(&((*argv)[1]))) != NULL)
+			{
+			/* ok */
+			digest=md_alg;
+			}
 		else
 			{
 			BIO_printf(bio_err,"unknown option %s\n",*argv);
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -671,7 +671,7 @@ static int MS_CALLBACK ssl_servername_cb(SSL *s, int *ad, void *arg)
 			return p->extension_error;
 		if (ctx2)
 			{
-			BIO_printf(p->biodebug,"Swiching server context.\n");
+			BIO_printf(p->biodebug,"Switching server context.\n");
 			SSL_set_SSL_CTX(s,ctx2);
 			}     
 		}
--- a/apps/ts.c
+++ b/apps/ts.c
@@ -165,6 +165,9 @@ int MAIN(int argc, char **argv)
 		BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
 		}

+	if (!load_config(bio_err, NULL))
+		goto cleanup;
+
 	for (argc--, argv++; argc > 0; argc--, argv++)
 		{
 		if (strcmp(*argv, "-config") == 0)
--- a/crypto/Makefile
+++ b/crypto/Makefile
@@ -5,9 +5,9 @@
 DIR=		crypto
 TOP=		..
 CC=		cc
-INCLUDE=	-I. -I$(TOP) -I../include
+INCLUDE=	-I. -I$(TOP) -I../include $(ZLIB_INCLUDE)
 # INCLUDES targets sudbirs!
-INCLUDES=	-I.. -I../.. -I../asn1 -I../evp -I../../include
+INCLUDES=	-I.. -I../.. -I../asn1 -I../evp -I../../include $(ZLIB_INCLUDE)
 CFLAG=		-g
 MAKEDEPPROG=	makedepend
 MAKEDEPEND=	$(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
--- a/crypto/asn1/a_gentm.c
+++ b/crypto/asn1/a_gentm.c
@@ -243,7 +243,7 @@ ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_adj(ASN1_GENERALIZEDTIME *s,
 		p=OPENSSL_malloc(len);
 		if (p == NULL)
 			{
-			ASN1err(ASN1_F_ASN1_GENERALIZEDTIME_SET,
+			ASN1err(ASN1_F_ASN1_GENERALIZEDTIME_ADJ,
 				ERR_R_MALLOC_FAILURE);
 			return(NULL);
 			}
--- a/crypto/asn1/a_time.c
+++ b/crypto/asn1/a_time.c
@@ -112,7 +112,7 @@ ASN1_TIME *ASN1_TIME_adj(ASN1_TIME *s, time_t t,
 	ts=OPENSSL_gmtime(&t,&data);
 	if (ts == NULL)
 		{
-		ASN1err(ASN1_F_ASN1_TIME_SET, ASN1_R_ERROR_GETTING_TIME);
+		ASN1err(ASN1_F_ASN1_TIME_ADJ, ASN1_R_ERROR_GETTING_TIME);
 		return NULL;
 		}
 	if (offset_day || offset_sec)
--- a/crypto/asn1/a_utctm.c
+++ b/crypto/asn1/a_utctm.c
@@ -221,7 +221,7 @@ ASN1_UTCTIME *ASN1_UTCTIME_adj(ASN1_UTCTIME *s, time_t t,
 		p=OPENSSL_malloc(len);
 		if (p == NULL)
 			{
-			ASN1err(ASN1_F_ASN1_UTCTIME_SET,ERR_R_MALLOC_FAILURE);
+			ASN1err(ASN1_F_ASN1_UTCTIME_ADJ,ERR_R_MALLOC_FAILURE);
 			return(NULL);
 			}
 		if (s->data != NULL)
--- a/crypto/asn1/asn1.h
+++ b/crypto/asn1/asn1.h
@@ -1172,6 +1172,7 @@ void ERR_load_ASN1_strings(void);
 #define ASN1_F_ASN1_ENUMERATED_TO_BN			 113
 #define ASN1_F_ASN1_EX_C2I				 204
 #define ASN1_F_ASN1_FIND_END				 190
+#define ASN1_F_ASN1_GENERALIZEDTIME_ADJ			 216
 #define ASN1_F_ASN1_GENERALIZEDTIME_SET			 185
 #define ASN1_F_ASN1_GENERATE_V3				 178
 #define ASN1_F_ASN1_GET_OBJECT				 114
@@ -1206,10 +1207,12 @@ void ERR_load_ASN1_strings(void);
 #define ASN1_F_ASN1_TEMPLATE_EX_D2I			 132
 #define ASN1_F_ASN1_TEMPLATE_NEW			 133
 #define ASN1_F_ASN1_TEMPLATE_NOEXP_D2I			 131
+#define ASN1_F_ASN1_TIME_ADJ				 217
 #define ASN1_F_ASN1_TIME_SET				 175
 #define ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING		 134
 #define ASN1_F_ASN1_TYPE_GET_OCTETSTRING		 135
 #define ASN1_F_ASN1_UNPACK_STRING			 136
+#define ASN1_F_ASN1_UTCTIME_ADJ				 218
 #define ASN1_F_ASN1_UTCTIME_SET				 187
 #define ASN1_F_ASN1_VERIFY				 137
 #define ASN1_F_B64_READ_ASN1				 209
@@ -1278,7 +1281,7 @@ void ERR_load_ASN1_strings(void);
 #define ASN1_R_BAD_OBJECT_HEADER			 102
 #define ASN1_R_BAD_PASSWORD_READ			 103
 #define ASN1_R_BAD_TAG					 104
-#define ASN1_R_BMPSTRING_IS_WRONG_LENGTH		 210
+#define ASN1_R_BMPSTRING_IS_WRONG_LENGTH		 214
 #define ASN1_R_BN_LIB					 105
 #define ASN1_R_BOOLEAN_IS_WRONG_LENGTH			 106
 #define ASN1_R_BUFFER_TOO_SMALL				 107
@@ -1370,7 +1373,7 @@ void ERR_load_ASN1_strings(void);
 #define ASN1_R_UNABLE_TO_DECODE_RSA_KEY			 157
 #define ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY		 158
 #define ASN1_R_UNEXPECTED_EOC				 159
-#define ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH		 211
+#define ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH		 215
 #define ASN1_R_UNKNOWN_FORMAT				 160
 #define ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM		 161
 #define ASN1_R_UNKNOWN_OBJECT_TYPE			 162
--- a/crypto/asn1/asn1_err.c
+++ b/crypto/asn1/asn1_err.c
@@ -1,6 +1,6 @@
 /* crypto/asn1/asn1_err.c */
 /* ====================================================================
- * Copyright (c) 1999-2007 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2008 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -90,6 +90,7 @@ static ERR_STRING_DATA ASN1_str_functs[]=
 {ERR_FUNC(ASN1_F_ASN1_ENUMERATED_TO_BN),	"ASN1_ENUMERATED_to_BN"},
 {ERR_FUNC(ASN1_F_ASN1_EX_C2I),	"ASN1_EX_C2I"},
 {ERR_FUNC(ASN1_F_ASN1_FIND_END),	"ASN1_FIND_END"},
+{ERR_FUNC(ASN1_F_ASN1_GENERALIZEDTIME_ADJ),	"ASN1_GENERALIZEDTIME_adj"},
 {ERR_FUNC(ASN1_F_ASN1_GENERALIZEDTIME_SET),	"ASN1_GENERALIZEDTIME_set"},
 {ERR_FUNC(ASN1_F_ASN1_GENERATE_V3),	"ASN1_generate_v3"},
 {ERR_FUNC(ASN1_F_ASN1_GET_OBJECT),	"ASN1_get_object"},
@@ -124,10 +125,12 @@ static ERR_STRING_DATA ASN1_str_functs[]=
 {ERR_FUNC(ASN1_F_ASN1_TEMPLATE_EX_D2I),	"ASN1_TEMPLATE_EX_D2I"},
 {ERR_FUNC(ASN1_F_ASN1_TEMPLATE_NEW),	"ASN1_TEMPLATE_NEW"},
 {ERR_FUNC(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I),	"ASN1_TEMPLATE_NOEXP_D2I"},
+{ERR_FUNC(ASN1_F_ASN1_TIME_ADJ),	"ASN1_TIME_adj"},
 {ERR_FUNC(ASN1_F_ASN1_TIME_SET),	"ASN1_TIME_set"},
 {ERR_FUNC(ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING),	"ASN1_TYPE_get_int_octetstring"},
 {ERR_FUNC(ASN1_F_ASN1_TYPE_GET_OCTETSTRING),	"ASN1_TYPE_get_octetstring"},
 {ERR_FUNC(ASN1_F_ASN1_UNPACK_STRING),	"ASN1_unpack_string"},
+{ERR_FUNC(ASN1_F_ASN1_UTCTIME_ADJ),	"ASN1_UTCTIME_adj"},
 {ERR_FUNC(ASN1_F_ASN1_UTCTIME_SET),	"ASN1_UTCTIME_set"},
 {ERR_FUNC(ASN1_F_ASN1_VERIFY),	"ASN1_verify"},
 {ERR_FUNC(ASN1_F_B64_READ_ASN1),	"B64_READ_ASN1"},
@@ -176,7 +179,7 @@ static ERR_STRING_DATA ASN1_str_functs[]=
 {ERR_FUNC(ASN1_F_PKCS5_PBE2_SET_IV),	"PKCS5_pbe2_set_iv"},
 {ERR_FUNC(ASN1_F_PKCS5_PBE_SET),	"PKCS5_pbe_set"},
 {ERR_FUNC(ASN1_F_PKCS5_PBE_SET0_ALGOR),	"PKCS5_pbe_set0_algor"},
-{ERR_FUNC(ASN1_F_SMIME_READ_ASN1),	"SMIME_read_asn1"},
+{ERR_FUNC(ASN1_F_SMIME_READ_ASN1),	"SMIME_read_ASN1"},
 {ERR_FUNC(ASN1_F_SMIME_TEXT),	"SMIME_text"},
 {ERR_FUNC(ASN1_F_X509_CINF_NEW),	"X509_CINF_NEW"},
 {ERR_FUNC(ASN1_F_X509_CRL_ADD0_REVOKED),	"X509_CRL_add0_revoked"},
--- a/crypto/bio/b_sock.c
+++ b/crypto/bio/b_sock.c
@@ -810,7 +810,7 @@ int BIO_accept(int sock, char **addr)
 #ifdef EAI_FAMILY
 # if defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_BEOS_BONE) || defined(OPENSSL_SYS_MSDOS)
 #  define SOCKLEN_T size_t
-# else
+# elif !defined(SOCKLEN_T)
 #  define SOCKLEN_T socklen_t
 #endif
 	do {
--- a/crypto/bio/bio.h
+++ b/crypto/bio/bio.h
@@ -159,6 +159,7 @@ extern "C" {

 #define BIO_CTRL_DGRAM_SET_PEER           44 /* Destination for the data */

+#define BIO_CTRL_DGRAM_SET_TIMEOUT        45

 /* modifiers */
 #define BIO_FP_READ		0x02
--- a/crypto/bio/bss_dgram.c
+++ b/crypto/bio/bss_dgram.c
@@ -66,6 +66,10 @@

 #include <openssl/bio.h>

+#ifdef OPENSSL_SYS_WIN32
+#include <sys/timeb.h>
+#endif
+
 #define IP_MTU      14 /* linux is lame */

 #ifdef WATT32
@@ -104,6 +108,8 @@ typedef struct bio_dgram_data_st
 	unsigned int connected;
 	unsigned int _errno;
 	unsigned int mtu;
+	struct timeval hstimeoutdiff;
+	struct timeval hstimeout;
 	} bio_dgram_data;

 BIO_METHOD *BIO_s_datagram(void)
@@ -196,6 +202,30 @@ static int dgram_read(BIO *b, char *out, int outl)
 				BIO_set_retry_read(b);
 				data->_errno = get_last_socket_error();
 				}
+			memset(&(data->hstimeout), 0, sizeof(struct timeval));
+			}
+		else
+			{
+			if (data->hstimeout.tv_sec > 0 || data->hstimeout.tv_usec > 0)
+				{
+				struct timeval curtime;
+#ifdef OPENSSL_SYS_WIN32
+				struct _timeb tb;
+				_ftime(&tb);
+				curtime.tv_sec = (long)tb.time;
+				curtime.tv_usec = (long)tb.millitm * 1000;
+#else
+				gettimeofday(&curtime, NULL);
+#endif
+
+				if (curtime.tv_sec >= data->hstimeout.tv_sec &&
+					curtime.tv_usec >= data->hstimeout.tv_usec)
+					{
+					data->_errno = EAGAIN;
+					ret = -1;
+					memset(&(data->hstimeout), 0, sizeof(struct timeval));
+					}
+				}
 			}
 		}
 	return(ret);
@@ -345,6 +375,30 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)

        memcpy(&(data->peer), to, sizeof(struct sockaddr));
        break;
+	case BIO_CTRL_DGRAM_SET_TIMEOUT:
+		if (num > 0)
+			{
+#ifdef OPENSSL_SYS_WIN32
+			struct _timeb tb;
+			_ftime(&tb);
+			data->hstimeout.tv_sec = (long)tb.time;
+			data->hstimeout.tv_usec = (long)tb.millitm * 1000;
+#else
+			gettimeofday(&(data->hstimeout), NULL);
+#endif
+			data->hstimeout.tv_sec += data->hstimeoutdiff.tv_sec;
+			data->hstimeout.tv_usec += data->hstimeoutdiff.tv_usec;
+			if (data->hstimeout.tv_usec >= 1000000)
+				{
+				data->hstimeout.tv_sec++;
+				data->hstimeout.tv_usec -= 1000000;
+				}
+			}
+		else
+			{
+			memset(&(data->hstimeout), 0, sizeof(struct timeval));
+			}
+		break;
 #if defined(SO_RCVTIMEO)
 	case BIO_CTRL_DGRAM_SET_RECV_TIMEOUT:
 #ifdef OPENSSL_SYS_WINDOWS
@@ -360,6 +414,7 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
 			sizeof(struct timeval)) < 0)
 			{ perror("setsockopt");	ret = -1; }
 #endif
+		memcpy(&(data->hstimeoutdiff), ptr, sizeof(struct timeval));
 		break;
 	case BIO_CTRL_DGRAM_GET_RECV_TIMEOUT:
 #ifdef OPENSSL_SYS_WINDOWS
--- a/crypto/camellia/asm/cmll-x86.pl
+++ b/crypto/camellia/asm/cmll-x86.pl
@@ -1133,6 +1133,6 @@ my ($s0,$s1,$s2,$s3) = @T;
 &function_end("Camellia_cbc_encrypt");
 }

-&asciz("Camellia for x86 by <appro@openssl.org>");
+&asciz("Camellia for x86 by <appro\@openssl.org>");

 &asm_finish();
--- a/crypto/camellia/asm/cmll-x86_64.pl
+++ b/crypto/camellia/asm/cmll-x86_64.pl
@@ -859,7 +859,7 @@ Camellia_cbc_encrypt:
 	ret
 .size	Camellia_cbc_encrypt,.-Camellia_cbc_encrypt

-.asciz	"Camellia for x86_64 by <appro@openssl.org>"
+.asciz	"Camellia for x86_64 by <appro\@openssl.org>"
 ___
 }

--- a/crypto/camellia/camellia.c
+++ b/crypto/camellia/camellia.c
@@ -91,10 +91,24 @@
 # if defined(_MSC_VER) && (defined(_M_IX86) || defined(_M_AMD64) || defined(_M_X64))
 #  define RightRotate(x, s) _lrotr(x, s)
 #  define LeftRotate(x, s)  _lrotl(x, s)
+#  if _MSC_VER >= 1400
+#   define SWAP(x) _byteswap_ulong(x)
+#  else
+#   define SWAP(x) (_lrotl(x, 8) & 0x00ff00ff | _lrotr(x, 8) & 0xff00ff00)
+#  endif
+#  define GETU32(p)   SWAP(*((u32 *)(p)))
+#  define PUTU32(p,v) (*((u32 *)(p)) = SWAP((v)))
 # elif defined(__GNUC__) && __GNUC__>=2
 #  if defined(__i386) || defined(__x86_64)
 #   define RightRotate(x,s) ({u32 ret; asm ("rorl %1,%0":"=r"(ret):"I"(s),"0"(x):"cc"); ret; })
 #   define LeftRotate(x,s)  ({u32 ret; asm ("roll %1,%0":"=r"(ret):"I"(s),"0"(x):"cc"); ret; })
+#   if defined(B_ENDIAN) /* stratus.com does it */
+#    define GETU32(p)   (*(u32 *)(p))
+#    define PUTU32(p,v) (*(u32 *)(p)=(v))
+#   else
+#    define GETU32(p)   ({u32 r=*(const u32 *)(p); asm("bswapl %0":"=r"(r):"0"(r)); r; })
+#    define PUTU32(p,v) ({u32 r=(v); asm("bswapl %0":"=r"(r):"0"(r)); *(u32 *)(p)=r; })
+#   endif
 #  elif defined(_ARCH_PPC) || defined(_ARCH_PPC64) || \
        defined(__powerpc) || defined(__ppc__) || defined(__powerpc64__)
 #   define LeftRotate(x,s)  ({u32 ret; asm ("rlwinm %0,%1,%2,0,31":"=r"(ret):"r"(x),"I"(s)); ret; })
@@ -102,13 +116,20 @@
 #  elif defined(__s390x__)
 #   define LeftRotate(x,s)  ({u32 ret; asm ("rll %0,%1,%2":"=r"(ret):"r"(x),"I"(s)); ret; })
 #   define RightRotate(x,s) LeftRotate(x,(32-s))
+#   define GETU32(p)   (*(u32 *)(p))
+#   define PUTU32(p,v) (*(u32 *)(p)=(v))
 #  endif
 # endif
 #endif

 #if !defined(RightRotate) && !defined(LeftRotate)
-#define RightRotate(x, s) ( ((x) >> (s)) + ((x) << (32 - s)) )
-#define LeftRotate(x, s)  ( ((x) << (s)) + ((x) >> (32 - s)) )
+# define RightRotate(x, s) ( ((x) >> (s)) + ((x) << (32 - s)) )
+# define LeftRotate(x, s)  ( ((x) << (s)) + ((x) >> (32 - s)) )
+#endif
+
+#if !defined(GETU32) && !defined(PUTU32)
+# define GETU32(p)   (((u32)(p)[0] << 24) ^ ((u32)(p)[1] << 16) ^ ((u32)(p)[2] <<  8) ^ ((u32)(p)[3]))
+# define PUTU32(p,v) ((p)[0] = (u8)((v) >> 24), (p)[1] = (u8)((v) >> 16), (p)[2] = (u8)((v) >>  8), (p)[3] = (u8)(v))
 #endif

 /* S-box data */
--- a/crypto/camellia/cmll_locl.h
+++ b/crypto/camellia/cmll_locl.h
@@ -71,30 +71,6 @@
 typedef unsigned int  u32;
 typedef unsigned char u8;

-#if defined(_MSC_VER) && (defined(_M_IX86) || defined(_M_AMD64) || defined(_M_X64))
-# if _MSC_VER >= 1400
-#  define SWAP(x) _byteswap_ulong(x)
-# else
-#  define SWAP(x) (_lrotl(x, 8) & 0x00ff00ff | _lrotr(x, 8) & 0xff00ff00)
-# endif
-# define GETU32(p)   SWAP(*((u32 *)(p)))
-# define PUTU32(p,v) (*((u32 *)(p)) = SWAP((v)))
-#elif defined(__GNUC__) && __GNUC__>=2 && (defined(__i386) || defined(__x86_64)) && !defined(PEDANTIC)
-# if defined(B_ENDIAN) /* stratus.com does it */
-#  define GETU32(p)   (*(u32 *)(p))
-#  define PUTU32(p,v) (*(u32 *)(p)=(v))
-# else
-#  define GETU32(p)   ({u32 r=*(const u32 *)(p); asm("bswapl %0":"=r"(r):"0"(r)); r; })
-#  define PUTU32(p,v) ({u32 r=(v); asm("bswapl %0":"=r"(r):"0"(r)); *(u32 *)(p)=r; })
-# endif
-#elif defined(__s390__) || defined(__s390x__)
-# define GETU32(p)   (*(u32 *)(p))
-# define PUTU32(p,v) (*(u32 *)(p)=(v))
-#else
-# define GETU32(p)   (((u32)(p)[0] << 24) ^ ((u32)(p)[1] << 16) ^ ((u32)(p)[2] <<  8) ^ ((u32)(p)[3]))
-# define PUTU32(p,v) ((p)[0] = (u8)((v) >> 24), (p)[1] = (u8)((v) >> 16), (p)[2] = (u8)((v) >>  8), (p)[3] = (u8)(v))
-#endif
-
 int Camellia_Ekeygen(int keyBitLength, const u8 *rawKey, KEY_TABLE_TYPE keyTable);
 void Camellia_EncryptBlock_Rounds(int grandRounds, const u8 plaintext[], 
 		const KEY_TABLE_TYPE keyTable, u8 ciphertext[]);
--- a/crypto/cryptlib.c
+++ b/crypto/cryptlib.c
@@ -205,7 +205,7 @@ int CRYPTO_get_new_lockid(char *name)
 #if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN16)
 	/* A hack to make Visual C++ 5.0 work correctly when linking as
 	 * a DLL using /MT. Without this, the application cannot use
-	 * and floating point printf's.
+	 * any floating point printf's.
 	 * It also seems to be needed for Visual C 1.5 (win16) */
 	SSLeay_MSVC5_hack=(double)name[0]*(double)name[1];
 #endif
--- a/crypto/des/enc_read.c
+++ b/crypto/des/enc_read.c
@@ -150,7 +150,7 @@ int DES_enc_read(int fd, void *buf, int len, DES_key_schedule *sched,
 	/* first - get the length */
 	while (net_num < HDRSIZE) 
 		{
-#ifndef _WIN32
+#ifndef OPENSSL_SYS_WIN32
 		i=read(fd,(void *)&(net[net_num]),HDRSIZE-net_num);
 #else
 		i=_read(fd,(void *)&(net[net_num]),HDRSIZE-net_num);
@@ -176,7 +176,11 @@ int DES_enc_read(int fd, void *buf, int len, DES_key_schedule *sched,
 	net_num=0;
 	while (net_num < rnum)
 		{
+#ifndef OPENSSL_SYS_WIN32
 		i=read(fd,(void *)&(net[net_num]),rnum-net_num);
+#else
+		i=_read(fd,(void *)&(net[net_num]),rnum-net_num);
+#endif
 #ifdef EINTR
 		if ((i == -1) && (errno == EINTR)) continue;
 #endif
--- a/crypto/dsa/dsa_asn1.c
+++ b/crypto/dsa/dsa_asn1.c
@@ -69,12 +69,15 @@ static int sig_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
 	if(operation == ASN1_OP_NEW_PRE) {
 		DSA_SIG *sig;
 		sig = OPENSSL_malloc(sizeof(DSA_SIG));
+		if (!sig)
+			{
+			DSAerr(DSA_F_SIG_CB, ERR_R_MALLOC_FAILURE);
+			return 0;
+			}
 		sig->r = NULL;
 		sig->s = NULL;
 		*pval = (ASN1_VALUE *)sig;
-		if(sig) return 2;
-		DSAerr(DSA_F_SIG_CB, ERR_R_MALLOC_FAILURE);
-		return 0;
+		return 2;
 	}
 	return 1;
 }
--- a/crypto/evp/evp.h
+++ b/crypto/evp/evp.h
@@ -421,6 +421,7 @@ int EVP_MD_type(const EVP_MD *md);
 int EVP_MD_pkey_type(const EVP_MD *md);	
 int EVP_MD_size(const EVP_MD *md);
 int EVP_MD_block_size(const EVP_MD *md);
+unsigned long EVP_MD_flags(const EVP_MD *md);

 const EVP_MD *EVP_MD_CTX_md(const EVP_MD_CTX *ctx);
 #define EVP_MD_CTX_size(e)		EVP_MD_size(EVP_MD_CTX_md(e))
--- a/crypto/evp/evp_lib.c
+++ b/crypto/evp/evp_lib.c
@@ -263,6 +263,11 @@ int EVP_MD_size(const EVP_MD *md)
 	return md->md_size;
 	}

+unsigned long EVP_MD_flags(const EVP_MD *md)
+	{
+	return md->flags;
+	}
+
 const EVP_MD *EVP_MD_CTX_md(const EVP_MD_CTX *ctx)
 	{
 	if (!ctx)
--- a/crypto/evp/names.c
+++ b/crypto/evp/names.c
@@ -145,7 +145,7 @@ static void do_all_cipher_fn(const OBJ_NAME *nm, void *arg)
 	if (nm->alias)
 		dc->fn(NULL, nm->name, nm->data, dc->arg);
 	else
-		dc->fn((const EVP_CIPHER *)nm->data, NULL, NULL, dc->arg);
+		dc->fn((const EVP_CIPHER *)nm->data, nm->name, NULL, dc->arg);
 	}

 void EVP_CIPHER_do_all(void (*fn)(const EVP_CIPHER *ciph,
@@ -179,7 +179,7 @@ static void do_all_md_fn(const OBJ_NAME *nm, void *arg)
 	if (nm->alias)
 		dc->fn(NULL, nm->name, nm->data, dc->arg);
 	else
-		dc->fn((const EVP_MD *)nm->data, NULL, NULL, dc->arg);
+		dc->fn((const EVP_MD *)nm->data, nm->name, NULL, dc->arg);
 	}

 void EVP_MD_do_all(void (*fn)(const EVP_MD *md,
--- a/crypto/mem_dbg.c
+++ b/crypto/mem_dbg.c
@@ -787,7 +787,7 @@ void CRYPTO_mem_leaks(BIO *b)
 		 * XXX    This should be in CRYPTO_mem_leaks_cb,
 		 * and CRYPTO_mem_leaks should be implemented by
 		 * using CRYPTO_mem_leaks_cb.
-		 * (Also their should be a variant of lh_doall_arg
+		 * (Also there should be a variant of lh_doall_arg
 		 * that takes a function pointer instead of a void *;
 		 * this would obviate the ugly and illegal
 		 * void_fn_to_char kludge in CRYPTO_mem_leaks_cb.
--- a/crypto/objects/objects.h
+++ b/crypto/objects/objects.h
@@ -1054,24 +1054,34 @@ const void *	OBJ_bsearch_ex_(const void *key,const void *base,int num,
 * the non-constness means a lot of complication, and in practice
 * comparison routines do always not touch their arguments.
 */
-#define _IMPLEMENT_OBJ_BSEARCH_CMP_FN(scope, type1, type2, nm)	\
+
+#define IMPLEMENT_OBJ_BSEARCH_CMP_FN(type1, type2, nm)	\
  static int nm##_cmp_BSEARCH_CMP_FN(const void *a_, const void *b_)	\
      { \
      type1 const *a = a_; \
      type2 const *b = b_; \
      return nm##_cmp(a,b); \
      } \
-  scope type2 *OBJ_bsearch_##nm(type1 *key, type2 const *base, int num) \
+  static type2 *OBJ_bsearch_##nm(type1 *key, type2 const *base, int num) \
      { \
      return (type2 *)OBJ_bsearch_(key, base, num, sizeof(type2), \
 					nm##_cmp_BSEARCH_CMP_FN); \
      } \
      extern void dummy_prototype(void)

-#define IMPLEMENT_OBJ_BSEARCH_CMP_FN(type1, type2, cmp) \
-  _IMPLEMENT_OBJ_BSEARCH_CMP_FN(static, type1, type2, cmp)
-#define IMPLEMENT_OBJ_BSEARCH_GLOBAL_CMP_FN(type1, type2, cmp)	\
-  _IMPLEMENT_OBJ_BSEARCH_CMP_FN(, type1, type2, cmp)
+#define IMPLEMENT_OBJ_BSEARCH_GLOBAL_CMP_FN(type1, type2, nm)	\
+  static int nm##_cmp_BSEARCH_CMP_FN(const void *a_, const void *b_)	\
+      { \
+      type1 const *a = a_; \
+      type2 const *b = b_; \
+      return nm##_cmp(a,b); \
+      } \
+  type2 *OBJ_bsearch_##nm(type1 *key, type2 const *base, int num) \
+      { \
+      return (type2 *)OBJ_bsearch_(key, base, num, sizeof(type2), \
+					nm##_cmp_BSEARCH_CMP_FN); \
+      } \
+      extern void dummy_prototype(void)

 #define OBJ_bsearch(type1,key,type2,base,num,cmp)			       \
  ((type2 *)OBJ_bsearch_(CHECKED_PTR_OF(type1,key),CHECKED_PTR_OF(type2,base), \
--- a/crypto/objects/objxref.pl
+++ b/crypto/objects/objxref.pl
@@ -54,10 +54,13 @@ my @srt2 = sort

 	return $ap2 - $bp2;
 	} @xrkeys;
-	
+
+my $pname = $0;
+
+$pname =~ s|^.[^/]/||;

 print <<EOF;
-/* AUTOGENERATED BY $0, DO NOT EDIT */
+/* AUTOGENERATED BY $pname, DO NOT EDIT */

 typedef struct
 	{
--- a/crypto/opensslv.h
+++ b/crypto/opensslv.h
@@ -25,11 +25,11 @@
 * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
 *  major minor fix final patch/beta)
 */
-#define OPENSSL_VERSION_NUMBER	0x10100000L
+#define OPENSSL_VERSION_NUMBER	0x10000002L
 #ifdef OPENSSL_FIPS
-#define OPENSSL_VERSION_TEXT	"OpenSSL 1.1.0-fips-dev xx XXX xxxx"
+#define OPENSSL_VERSION_TEXT	"OpenSSL 1.0.0-fips-beta2 21 Apr 2009"
 #else
-#define OPENSSL_VERSION_TEXT	"OpenSSL 1.1.0-dev xx XXX xxxx"
+#define OPENSSL_VERSION_TEXT	"OpenSSL 1.0.0-beta2 21 Apr 2009"
 #endif
 #define OPENSSL_VERSION_PTEXT	" part of " OPENSSL_VERSION_TEXT

@@ -83,7 +83,7 @@
 * should only keep the versions that are binary compatible with the current.
 */
 #define SHLIB_VERSION_HISTORY ""
-#define SHLIB_VERSION_NUMBER "1.1.0"
+#define SHLIB_VERSION_NUMBER "1.0.0"


 #endif /* HEADER_OPENSSLV_H */
--- a/crypto/pkcs12/p12_kiss.c
+++ b/crypto/pkcs12/p12_kiss.c
@@ -63,16 +63,13 @@
 /* Simplified PKCS#12 routines */

 static int parse_pk12( PKCS12 *p12, const char *pass, int passlen,
-		EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca);
+		EVP_PKEY **pkey, STACK_OF(X509) *ocerts);

 static int parse_bags( STACK_OF(PKCS12_SAFEBAG) *bags, const char *pass,
-		       int passlen, EVP_PKEY **pkey, X509 **cert,
-		       STACK_OF(X509) **ca, ASN1_OCTET_STRING **keyid,
-		       char *keymatch);
+		       int passlen, EVP_PKEY **pkey, STACK_OF(X509) *ocerts);

 static int parse_bag( PKCS12_SAFEBAG *bag, const char *pass, int passlen,
-			EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca,
-			ASN1_OCTET_STRING **keyid, char *keymatch);
+			EVP_PKEY **pkey, STACK_OF(X509) *ocerts);

 /* Parse and decrypt a PKCS#12 structure returning user key, user cert
 * and other (CA) certs. Note either ca should be NULL, *ca should be NULL,
@@ -83,24 +80,20 @@ static int parse_bag( PKCS12_SAFEBAG *bag, const char *pass, int passlen,
 int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
 	     STACK_OF(X509) **ca)
 {
-
+	STACK_OF(X509) *ocerts = NULL;
+	X509 *x = NULL;
 	/* Check for NULL PKCS12 structure */

-	if(!p12) {
+	if(!p12)
+		{
 		PKCS12err(PKCS12_F_PKCS12_PARSE,PKCS12_R_INVALID_NULL_PKCS12_POINTER);
 		return 0;
-	}
-
-	/* Allocate stack for ca certificates if needed */
-	if ((ca != NULL) && (*ca == NULL)) {
-		if (!(*ca = sk_X509_new_null())) {
-			PKCS12err(PKCS12_F_PKCS12_PARSE,ERR_R_MALLOC_FAILURE);
-			return 0;
 		}
-	}

-	if(pkey) *pkey = NULL;
-	if(cert) *cert = NULL;
+	if(pkey)
+		*pkey = NULL;
+	if(cert)
+		*cert = NULL;

 	/* Check the mac */

@@ -122,19 +115,61 @@ int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
 		goto err;
 	}

-	if (!parse_pk12 (p12, pass, -1, pkey, cert, ca))
+	/* Allocate stack for other certificates */
+	ocerts = sk_X509_new_null();
+
+	if (!ocerts)
+		{
+		PKCS12err(PKCS12_F_PKCS12_PARSE,ERR_R_MALLOC_FAILURE);
+		return 0;
+		}
+
+	if (!parse_pk12 (p12, pass, -1, pkey, ocerts))
 		{
 		PKCS12err(PKCS12_F_PKCS12_PARSE,PKCS12_R_PARSE_ERROR);
 		goto err;
 		}

+	while ((x = sk_X509_pop(ocerts)))
+		{
+		if (pkey && *pkey && cert && !*cert)
+			{
+			if (X509_check_private_key(x, *pkey))
+				{
+				*cert = x;
+				x = NULL;
+				}
+			}
+
+		if (ca && x)
+			{
+			if (!*ca)
+				*ca = sk_X509_new_null();
+			if (!*ca)
+				goto err;
+			if (!sk_X509_push(*ca, x))
+				goto err;
+			x = NULL;
+			}
+		if (x)
+			X509_free(x);
+		}
+
+	if (ocerts)
+		sk_X509_pop_free(ocerts, X509_free);
+
 	return 1;

 err:

-	if (pkey && *pkey) EVP_PKEY_free(*pkey);
-	if (cert && *cert) X509_free(*cert);
-	if (ca) sk_X509_pop_free(*ca, X509_free);
+	if (pkey && *pkey)
+		EVP_PKEY_free(*pkey);
+	if (cert && *cert)
+		X509_free(*cert);
+	if (x)
+		X509_free(*cert);
+	if (ocerts)
+		sk_X509_pop_free(ocerts, X509_free);
 	return 0;

 }
@@ -142,15 +177,13 @@ int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
 /* Parse the outer PKCS#12 structure */

 static int parse_pk12(PKCS12 *p12, const char *pass, int passlen,
-	     EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca)
+	     EVP_PKEY **pkey, STACK_OF(X509) *ocerts)
 {
 	STACK_OF(PKCS7) *asafes;
 	STACK_OF(PKCS12_SAFEBAG) *bags;
 	int i, bagnid;
 	PKCS7 *p7;
-	ASN1_OCTET_STRING *keyid = NULL;

-	char keymatch = 0;
 	if (!(asafes = PKCS12_unpack_authsafes (p12))) return 0;
 	for (i = 0; i < sk_PKCS7_num (asafes); i++) {
 		p7 = sk_PKCS7_value (asafes, i);
@@ -164,8 +197,7 @@ static int parse_pk12(PKCS12 *p12, const char *pass, int passlen,
 			sk_PKCS7_pop_free(asafes, PKCS7_free);
 			return 0;
 		}
-	    	if (!parse_bags(bags, pass, passlen, pkey, cert, ca,
-							 &keyid, &keymatch)) {
+	    	if (!parse_bags(bags, pass, passlen, pkey, ocerts)) {
 			sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
 			sk_PKCS7_pop_free(asafes, PKCS7_free);
 			return 0;
@@ -173,89 +205,65 @@ static int parse_pk12(PKCS12 *p12, const char *pass, int passlen,
 		sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
 	}
 	sk_PKCS7_pop_free(asafes, PKCS7_free);
-	if (keyid) M_ASN1_OCTET_STRING_free(keyid);
 	return 1;
 }


 static int parse_bags(STACK_OF(PKCS12_SAFEBAG) *bags, const char *pass,
-		      int passlen, EVP_PKEY **pkey, X509 **cert,
-		      STACK_OF(X509) **ca, ASN1_OCTET_STRING **keyid,
-		      char *keymatch)
+		      int passlen, EVP_PKEY **pkey, STACK_OF(X509) *ocerts)
 {
 	int i;
 	for (i = 0; i < sk_PKCS12_SAFEBAG_num(bags); i++) {
 		if (!parse_bag(sk_PKCS12_SAFEBAG_value (bags, i),
-			 pass, passlen, pkey, cert, ca, keyid,
-							 keymatch)) return 0;
+				 pass, passlen, pkey, ocerts))
+			return 0;
 	}
 	return 1;
 }

-#define MATCH_KEY  0x1
-#define MATCH_CERT 0x2
-#define MATCH_ALL  0x3
-
 static int parse_bag(PKCS12_SAFEBAG *bag, const char *pass, int passlen,
-		     EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca,
-		     ASN1_OCTET_STRING **keyid,
-		     char *keymatch)
+		     EVP_PKEY **pkey, STACK_OF(X509) *ocerts)
 {
 	PKCS8_PRIV_KEY_INFO *p8;
 	X509 *x509;
-	ASN1_OCTET_STRING *lkey = NULL, *ckid = NULL;
 	ASN1_TYPE *attrib;
 	ASN1_BMPSTRING *fname = NULL;
+	ASN1_OCTET_STRING *lkid = NULL;

 	if ((attrib = PKCS12_get_attr (bag, NID_friendlyName)))
 		fname = attrib->value.bmpstring;

-	if ((attrib = PKCS12_get_attr (bag, NID_localKeyID))) {
-		lkey = attrib->value.octet_string;
-		ckid = lkey;
-	}
+	if ((attrib = PKCS12_get_attr (bag, NID_localKeyID)))
+		lkid = attrib->value.octet_string;

-	/* Check for any local key id matching (if needed) */
-	if (lkey && ((*keymatch & MATCH_ALL) != MATCH_ALL)) {
-		if (*keyid) {
-			if (M_ASN1_OCTET_STRING_cmp(*keyid, lkey)) lkey = NULL;
-		} else {
-			if (!(*keyid = M_ASN1_OCTET_STRING_dup(lkey))) {
-				PKCS12err(PKCS12_F_PARSE_BAG,ERR_R_MALLOC_FAILURE);
-				return 0;
-		    }
-		}
-	}
-	
 	switch (M_PKCS12_bag_type(bag))
 	{
 	case NID_keyBag:
-		if (!lkey || !pkey) return 1;	
-		if (!(*pkey = EVP_PKCS82PKEY(bag->value.keybag))) return 0;
-		*keymatch |= MATCH_KEY;
+		if (!pkey || *pkey)
+			return 1;	
+		if (!(*pkey = EVP_PKCS82PKEY(bag->value.keybag)))
+			return 0;
 	break;

 	case NID_pkcs8ShroudedKeyBag:
-		if (!lkey || !pkey) return 1;	
+		if (!pkey || *pkey)
+			return 1;	
 		if (!(p8 = PKCS12_decrypt_skey(bag, pass, passlen)))
 				return 0;
 		*pkey = EVP_PKCS82PKEY(p8);
 		PKCS8_PRIV_KEY_INFO_free(p8);
 		if (!(*pkey)) return 0;
-		*keymatch |= MATCH_KEY;
 	break;

 	case NID_certBag:
 		if (M_PKCS12_cert_bag_type(bag) != NID_x509Certificate )
-								 return 1;
-		if (!(x509 = PKCS12_certbag2x509(bag))) return 0;
-		if(ckid)
+			return 1;
+		if (!(x509 = PKCS12_certbag2x509(bag)))
+			return 0;
+		if(lkid && !X509_keyid_set1(x509, lkid->data, lkid->length))
 			{
-			if (!X509_keyid_set1(x509, ckid->data, ckid->length))
-				{
-				X509_free(x509);
-				return 0;
-				}
+			X509_free(x509);
+			return 0;
 			}
 		if(fname) {
 			int len, r;
@@ -272,20 +280,17 @@ static int parse_bag(PKCS12_SAFEBAG *bag, const char *pass, int passlen,
 			}
 		}

+		if(!sk_X509_push(ocerts, x509))
+			{
+			X509_free(x509);
+			return 0;
+			}

-		if (lkey) {
-			*keymatch |= MATCH_CERT;
-			if (cert) *cert = x509;
-			else X509_free(x509);
-		} else {
-			if(ca) sk_X509_push (*ca, x509);
-			else X509_free(x509);
-		}
 	break;

 	case NID_safeContentsBag:
 		return parse_bags(bag->value.safes, pass, passlen,
-			 		pkey, cert, ca, keyid, keymatch);
+			 		pkey, ocerts);
 	break;

 	default:
--- a/crypto/rand/rand_unix.c
+++ b/crypto/rand/rand_unix.c
@@ -133,7 +133,50 @@
 # define FD_SETSIZE (8*sizeof(fd_set))
 #endif

-#ifdef __OpenBSD__
+#ifdef __VOS__
+int RAND_poll(void)
+{
+	unsigned char buf[ENTROPY_NEEDED];
+	pid_t curr_pid;
+	uid_t curr_uid;
+	static int first=1;
+	int i;
+	long rnd = 0;
+	struct timespec ts;
+	unsigned seed;
+
+/* The VOS random() function starts from a static seed so its
+   initial value is predictable.  If random() returns the
+   initial value, reseed it with dynamic data.  The VOS
+   real-time clock has a granularity of 1 nsec so it should be
+   reasonably difficult to predict its exact value.  Do not
+   gratuitously reseed the PRNG because other code in this
+   process or thread may be using it.  */
+
+	if (first) {
+		first = 0;
+		rnd = random ();
+		if (rnd == 1804289383) {
+			clock_gettime (CLOCK_REALTIME, &ts);
+			curr_pid = getpid();
+			curr_uid = getuid();
+			seed = ts.tv_sec ^ ts.tv_nsec ^ curr_pid ^ curr_uid;
+			srandom (seed);
+		}
+	}
+
+	for (i = 0; i < sizeof(buf); i++) {
+		if (i % 4 == 0)
+			rnd = random();
+		buf[i] = rnd;
+		rnd >>= 8;
+	}
+	RAND_add(buf, sizeof(buf), ENTROPY_NEEDED);
+	memset(buf, 0, sizeof(buf));
+
+	return 1;
+}
+#elif defined __OpenBSD__
 int RAND_poll(void)
 {
 	u_int32_t rnd = 0, i;
--- a/crypto/stack/safestack.h
+++ b/crypto/stack/safestack.h
@@ -213,7 +213,6 @@ DECLARE_SPECIAL_STACK_OF(BLOCK, void)
 #define sk_ACCESS_DESCRIPTION_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ACCESS_DESCRIPTION, (st), (cmp))
 #define sk_ACCESS_DESCRIPTION_dup(st) SKM_sk_dup(ACCESS_DESCRIPTION, st)
 #define sk_ACCESS_DESCRIPTION_pop_free(st, free_func) SKM_sk_pop_free(ACCESS_DESCRIPTION, (st), (free_func))
-#define sk_ACCESS_DESCRIPTION_free(st) SKM_sk_free(ACCESS_DESCRIPTION, (st))
 #define sk_ACCESS_DESCRIPTION_shift(st) SKM_sk_shift(ACCESS_DESCRIPTION, (st))
 #define sk_ACCESS_DESCRIPTION_pop(st) SKM_sk_pop(ACCESS_DESCRIPTION, (st))
 #define sk_ACCESS_DESCRIPTION_sort(st) SKM_sk_sort(ACCESS_DESCRIPTION, (st))
@@ -236,7 +235,6 @@ DECLARE_SPECIAL_STACK_OF(BLOCK, void)
 #define sk_ASIdOrRange_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASIdOrRange, (st), (cmp))
 #define sk_ASIdOrRange_dup(st) SKM_sk_dup(ASIdOrRange, st)
 #define sk_ASIdOrRange_pop_free(st, free_func) SKM_sk_pop_free(ASIdOrRange, (st), (free_func))
-#define sk_ASIdOrRange_free(st) SKM_sk_free(ASIdOrRange, (st))
 #define sk_ASIdOrRange_shift(st) SKM_sk_shift(ASIdOrRange, (st))
 #define sk_ASIdOrRange_pop(st) SKM_sk_pop(ASIdOrRange, (st))
 #define sk_ASIdOrRange_sort(st) SKM_sk_sort(ASIdOrRange, (st))
@@ -259,7 +257,6 @@ DECLARE_SPECIAL_STACK_OF(BLOCK, void)
 #define sk_ASN1_GENERALSTRING_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASN1_GENERALSTRING, (st), (cmp))
 #define sk_ASN1_GENERALSTRING_dup(st) SKM_sk_dup(ASN1_GENERALSTRING, st)
 #define sk_ASN1_GENERALSTRING_pop_free(st, free_func) SKM_sk_pop_free(ASN1_GENERALSTRING, (st), (free_func))
-#define sk_ASN1_GENERALSTRING_free(st) SKM_sk_free(ASN1_GENERALSTRING, (st))
 #define sk_ASN1_GENERALSTRING_shift(st) SKM_sk_shift(ASN1_GENERALSTRING, (st))
 #define sk_ASN1_GENERALSTRING_pop(st) SKM_sk_pop(ASN1_GENERALSTRING, (st))
 #define sk_ASN1_GENERALSTRING_sort(st) SKM_sk_sort(ASN1_GENERALSTRING, (st))
@@ -282,7 +279,6 @@ DECLARE_SPECIAL_STACK_OF(BLOCK, void)
 #define sk_ASN1_INTEGER_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASN1_INTEGER, (st), (cmp))
 #define sk_ASN1_INTEGER_dup(st) SKM_sk_dup(ASN1_INTEGER, st)
 #define sk_ASN1_INTEGER_pop_free(st, free_func) SKM_sk_pop_free(ASN1_INTEGER, (st), (free_func))
-#define sk_ASN1_INTEGER_free(st) SKM_sk_free(ASN1_INTEGER, (st))
 #define sk_ASN1_INTEGER_shift(st) SKM_sk_shift(ASN1_INTEGER, (st))
 #define sk_ASN1_INTEGER_pop(st) SKM_sk_pop(ASN1_INTEGER, (st))
 #define sk_ASN1_INTEGER_sort(st) SKM_sk_sort(ASN1_INTEGER, (st))
@@ -305,7 +301,6 @@ DECLARE_SPECIAL_STACK_OF(BLOCK, void)
 #define sk_ASN1_OBJECT_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASN1_OBJECT, (st), (cmp))
 #define sk_ASN1_OBJECT_dup(st) SKM_sk_dup(ASN1_OBJECT, st)
 #define sk_ASN1_OBJECT_pop_free(st, free_func) SKM_sk_pop_free(ASN1_OBJECT, (st), (free_func))
-#define sk_ASN1_OBJECT_free(st) SKM_sk_free(ASN1_OBJECT, (st))
 #define sk_ASN1_OBJECT_shift(st) SKM_sk_shift(ASN1_OBJECT, (st))
 #define sk_ASN1_OBJECT_pop(st) SKM_sk_pop(ASN1_OBJECT, (st))
 #define sk_ASN1_OBJECT_sort(st) SKM_sk_sort(ASN1_OBJECT, (st))
@@ -328,7 +323,6 @@ DECLARE_SPECIAL_STACK_OF(BLOCK, void)
 #define sk_ASN1_STRING_TABLE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASN1_STRING_TABLE, (st), (cmp))
 #define sk_ASN1_STRING_TABLE_dup(st) SKM_sk_dup(ASN1_STRING_TABLE, st)
 #define sk_ASN1_STRING_TABLE_pop_free(st, free_func) SKM_sk_pop_free(ASN1_STRING_TABLE, (st), (free_func))
-#define sk_ASN1_STRING_TABLE_free(st) SKM_sk_free(ASN1_STRING_TABLE, (st))
 #define sk_ASN1_STRING_TABLE_shift(st) SKM_sk_shift(ASN1_STRING_TABLE, (st))
 #define sk_ASN1_STRING_TABLE_pop(st) SKM_sk_pop(ASN1_STRING_TABLE, (st))
 #define sk_ASN1_STRING_TABLE_sort(st) SKM_sk_sort(ASN1_STRING_TABLE, (st))
@@ -351,7 +345,6 @@ DECLARE_SPECIAL_STACK_OF(BLOCK, void)
 #define sk_ASN1_TYPE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASN1_TYPE, (st), (cmp))
 #define sk_ASN1_TYPE_dup(st) SKM_sk_dup(ASN1_TYPE, st)
 #define sk_ASN1_TYPE_pop_free(st, free_func) SKM_sk_pop_free(ASN1_TYPE, (st), (free_func))
-#define sk_ASN1_TYPE_free(st) SKM_sk_free(ASN1_TYPE, (st))
 #define sk_ASN1_TYPE_shift(st) SKM_sk_shift(ASN1_TYPE, (st))
 #define sk_ASN1_TYPE_pop(st) SKM_sk_pop(ASN1_TYPE, (st))
 #define sk_ASN1_TYPE_sort(st) SKM_sk_sort(ASN1_TYPE, (st))
@@ -374,7 +367,6 @@ DECLARE_SPECIAL_STACK_OF(BLOCK, void)
 #define sk_ASN1_UTF8STRING_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASN1_UTF8STRING, (st), (cmp))
 #define sk_ASN1_UTF8STRING_dup(st) SKM_sk_dup(ASN1_UTF8STRING, st)
 #define sk_ASN1_UTF8STRING_pop_free(st, free_func) SKM_sk_pop_free(ASN1_UTF8STRING, (st), (free_func))
-#define sk_ASN1_UTF8STRING_free(st) SKM_sk_free(ASN1_UTF8STRING, (st))
 #define sk_ASN1_UTF8STRING_shift(st) SKM_sk_shift(ASN1_UTF8STRING, (st))
 #define sk_ASN1_UTF8STRING_pop(st) SKM_sk_pop(ASN1_UTF8STRING, (st))
 #define sk_ASN1_UTF8STRING_sort(st) SKM_sk_sort(ASN1_UTF8STRING, (st))
@@ -397,7 +389,6 @@ DECLARE_SPECIAL_STACK_OF(BLOCK, void)
 #define sk_ASN1_VALUE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASN1_VALUE, (st), (cmp))
 #define sk_ASN1_VALUE_dup(st) SKM_sk_dup(ASN1_VALUE, st)
 #define sk_ASN1_VALUE_pop_free(st, free_func) SKM_sk_pop_free(ASN1_VALUE, (st), (free_func))
-#define sk_ASN1_VALUE_free(st) SKM_sk_free(ASN1_VALUE, (st))
 #define sk_ASN1_VALUE_shift(st) SKM_sk_shift(ASN1_VALUE, (st))
 #define sk_ASN1_VALUE_pop(st) SKM_sk_pop(ASN1_VALUE, (st))
 #define sk_ASN1_VALUE_sort(st) SKM_sk_sort(ASN1_VALUE, (st))
@@ -420,7 +411,6 @@ DECLARE_SPECIAL_STACK_OF(BLOCK, void)
 #define sk_BIO_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(BIO, (st), (cmp))
 #define sk_BIO_dup(st) SKM_sk_dup(BIO, st)
 #define sk_BIO_pop_free(st, free_func) SKM_sk_pop_free(BIO, (st), (free_func))
-#define sk_BIO_free(st) SKM_sk_free(BIO, (st))
 #define sk_BIO_shift(st) SKM_sk_shift(BIO, (st))
 #define sk_BIO_pop(st) SKM_sk_pop(BIO, (st))
 #define sk_BIO_sort(st) SKM_sk_sort(BIO, (st))
@@ -443,7 +433,6 @@ DECLARE_SPECIAL_STACK_OF(BLOCK, void)
 #define sk_BY_DIR_ENTRY_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(BY_DIR_ENTRY, (st), (cmp))
 #define sk_BY_DIR_ENTRY_dup(st) SKM_sk_dup(BY_DIR_ENTRY, st)
 #define sk_BY_DIR_ENTRY_pop_free(st, free_func) SKM_sk_pop_free(BY_DIR_ENTRY, (st), (free_func))
-#define sk_BY_DIR_ENTRY_free(st) SKM_sk_free(BY_DIR_ENTRY, (st))
 #define sk_BY_DIR_ENTRY_shift(st) SKM_sk_shift(BY_DIR_ENTRY, (st))
 #define sk_BY_DIR_ENTRY_pop(st) SKM_sk_pop(BY_DIR_ENTRY, (st))
 #define sk_BY_DIR_ENTRY_sort(st) SKM_sk_sort(BY_DIR_ENTRY, (st))
@@ -466,7 +455,6 @@ DECLARE_SPECIAL_STACK_OF(BLOCK, void)
 #define sk_BY_DIR_HASH_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(BY_DIR_HASH, (st), (cmp))
 #define sk_BY_DIR_HASH_dup(st) SKM_sk_dup(BY_DIR_HASH, st)
 #define sk_BY_DIR_HASH_pop_free(st, free_func) SKM_sk_pop_free(BY_DIR_HASH, (st), (free_func))
-#define sk_BY_DIR_HASH_free(st) SKM_sk_free(BY_DIR_HASH, (st))
 #define sk_BY_DIR_HASH_shift(st) SKM_sk_shift(BY_DIR_HASH, (st))
 #define sk_BY_DIR_HASH_pop(st) SKM_sk_pop(BY_DIR_HASH, (st))
 #define sk_BY_DIR_HASH_sort(st) SKM_sk_sort(BY_DIR_HASH, (st))
@@ -489,7 +477,6 @@ DECLARE_SPECIAL_STACK_OF(BLOCK, void)
 #define sk_CMS_CertificateChoices_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CMS_CertificateChoices, (st), (cmp))
 #define sk_CMS_CertificateChoices_dup(st) SKM_sk_dup(CMS_CertificateChoices, st)
 #define sk_CMS_CertificateChoices_pop_free(st, free_func) SKM_sk_pop_free(CMS_CertificateChoices, (st), (free_func))
-#define sk_CMS_CertificateChoices_free(st) SKM_sk_free(CMS_CertificateChoices, (st))
 #define sk_CMS_CertificateChoices_shift(st) SKM_sk_shift(CMS_CertificateChoices, (st))
 #define sk_CMS_CertificateChoices_pop(st) SKM_sk_pop(CMS_CertificateChoices, (st))
 #define sk_CMS_CertificateChoices_sort(st) SKM_sk_sort(CMS_CertificateChoices, (st))
@@ -512,7 +499,6 @@ DECLARE_SPECIAL_STACK_OF(BLOCK, void)
 #define sk_CMS_RecipientInfo_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CMS_RecipientInfo, (st), (cmp))
 #define sk_CMS_RecipientInfo_dup(st) SKM_sk_dup(CMS_RecipientInfo, st)
 #define sk_CMS_RecipientInfo_pop_free(st, free_func) SKM_sk_pop_free(CMS_RecipientInfo, (st), (free_func))
-#define sk_CMS_RecipientInfo_free(st) SKM_sk_free(CMS_RecipientInfo, (st))
 #define sk_CMS_RecipientInfo_shift(st) SKM_sk_shift(CMS_RecipientInfo, (st))
 #define sk_CMS_RecipientInfo_pop(st) SKM_sk_pop(CMS_RecipientInfo, (st))
 #define sk_CMS_RecipientInfo_sort(st) SKM_sk_sort(CMS_RecipientInfo, (st))
@@ -535,7 +521,6 @@ DECLARE_SPECIAL_STACK_OF(BLOCK, void)
 #define sk_CMS_RevocationInfoChoice_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CMS_RevocationInfoChoice, (st), (cmp))
 #define sk_CMS_RevocationInfoChoice_dup(st) SKM_sk_dup(CMS_RevocationInfoChoice, st)
 #define sk_CMS_RevocationInfoChoice_pop_free(st, free_func) SKM_sk_pop_free(CMS_RevocationInfoChoice, (st), (free_func))
-#define sk_CMS_RevocationInfoChoice_free(st) SKM_sk_free(CMS_RevocationInfoChoice, (st))
 #define sk_CMS_RevocationInfoChoice_shift(st) SKM_sk_shift(CMS_RevocationInfoChoice, (st))
 #define sk_CMS_RevocationInfoChoice_pop(st) SKM_sk_pop(CMS_RevocationInfoChoice, (st))
 #define sk_CMS_RevocationInfoChoice_sort(st) SKM_sk_sort(CMS_RevocationInfoChoice, (st))
@@ -558,7 +543,6 @@ DECLARE_SPECIAL_STACK_OF(BLOCK, void)
 #define sk_CMS_SignerInfo_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CMS_SignerInfo, (st), (cmp))
 #define sk_CMS_SignerInfo_dup(st) SKM_sk_dup(CMS_SignerInfo, st)
 #define sk_CMS_SignerInfo_pop_free(st, free_func) SKM_sk_pop_free(CMS_SignerInfo, (st), (free_func))
-#define sk_CMS_SignerInfo_free(st) SKM_sk_free(CMS_SignerInfo, (st))
 #define sk_CMS_SignerInfo_shift(st) SKM_sk_shift(CMS_SignerInfo, (st))
 #define sk_CMS_SignerInfo_pop(st) SKM_sk_pop(CMS_SignerInfo, (st))
 #define sk_CMS_SignerInfo_sort(st) SKM_sk_sort(CMS_SignerInfo, (st))
@@ -581,7 +565,6 @@ DECLARE_SPECIAL_STACK_OF(BLOCK, void)
 #define sk_CONF_IMODULE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CONF_IMODULE, (st), (cmp))
 #define sk_CONF_IMODULE_dup(st) SKM_sk_dup(CONF_IMODULE, st)
 #define sk_CONF_IMODULE_pop_free(st, free_func) SKM_sk_pop_free(CONF_IMODULE, (st), (free_func))
-#define sk_CONF_IMODULE_free(st) SKM_sk_free(CONF_IMODULE, (st))
 #define sk_CONF_IMODULE_shift(st) SKM_sk_shift(CONF_IMODULE, (st))
 #define sk_CONF_IMODULE_pop(st) SKM_sk_pop(CONF_IMODULE, (st))
 #define sk_CONF_IMODULE_sort(st) SKM_sk_sort(CONF_IMODULE, (st))
@@ -604,7 +587,6 @@ DECLARE_SPECIAL_STACK_OF(BLOCK, void)
 #define sk_CONF_MODULE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CONF_MODULE, (st), (cmp))
 #define sk_CONF_MODULE_dup(st) SKM_sk_dup(CONF_MODULE, st)
 #define sk_CONF_MODULE_pop_free(st, free_func) SKM_sk_pop_free(CONF_MODULE, (st), (free_func))
-#define sk_CONF_MODULE_free(st) SKM_sk_free(CONF_MODULE, (st))
 #define sk_CONF_MODULE_shift(st) SKM_sk_shift(CONF_MODULE, (st))
 #define sk_CONF_MODULE_pop(st) SKM_sk_pop(CONF_MODULE, (st))
 #define sk_CONF_MODULE_sort(st) SKM_sk_sort(CONF_MODULE, (st))
@@ -627,7 +609,6 @@ DECLARE_SPECIAL_STACK_OF(BLOCK, void)
 #define sk_CONF_VALUE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CONF_VALUE, (st), (cmp))
 #define sk_CONF_VALUE_dup(st) SKM_sk_dup(CONF_VALUE, st)
 #define sk_CONF_VALUE_pop_free(st, free_func) SKM_sk_pop_free(CONF_VALUE, (st), (free_func))
-#define sk_CONF_VALUE_free(st) SKM_sk_free(CONF_VALUE, (st))
 #define sk_CONF_VALUE_shift(st) SKM_sk_shift(CONF_VALUE, (st))
 #define sk_CONF_VALUE_pop(st) SKM_sk_pop(CONF_VALUE, (st))
 #define sk_CONF_VALUE_sort(st) SKM_sk_sort(CONF_VALUE, (st))
@@ -650,7 +631,6 @@ DECLARE_SPECIAL_STACK_OF(BLOCK, void)
 #define sk_CRYPTO_EX_DATA_FUNCS_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CRYPTO_EX_DATA_FUNCS, (st), (cmp))
 #define sk_CRYPTO_EX_DATA_FUNCS_dup(st) SKM_sk_dup(CRYPTO_EX_DATA_FUNCS, st)
 #define sk_CRYPTO_EX_DATA_FUNCS_pop_free(st, free_func) SKM_sk_pop_free(CRYPTO_EX_DATA_FUNCS, (st), (free_func))
-#define sk_CRYPTO_EX_DATA_FUNCS_free(st) SKM_sk_free(CRYPTO_EX_DATA_FUNCS, (st))
 #define sk_CRYPTO_EX_DATA_FUNCS_shift(st) SKM_sk_shift(CRYPTO_EX_DATA_FUNCS, (st))
 #define sk_CRYPTO_EX_DATA_FUNCS_pop(st) SKM_sk_pop(CRYPTO_EX_DATA_FUNCS, (st))
 #define sk_CRYPTO_EX_DATA_FUNCS_sort(st) SKM_sk_sort(CRYPTO_EX_DATA_FUNCS, (st))
@@ -673,7 +653,6 @@ DECLARE_SPECIAL_STACK_OF(BLOCK, void)
 #define sk_CRYPTO_dynlock_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CRYPTO_dynlock, (st), (cmp))
 #define sk_CRYPTO_dynlock_dup(st) SKM_sk_dup(CRYPTO_dynlock, st)
 #define sk_CRYPTO_dynlock_pop_free(st, free_func) SKM_sk_pop_free(CRYPTO_dynlock, (st), (free_func))
-#define sk_CRYPTO_dynlock_free(st) SKM_sk_free(CRYPTO_dynlock, (st))
 #define sk_CRYPTO_dynlock_shift(st) SKM_sk_shift(CRYPTO_dynlock, (st))
 #define sk_CRYPTO_dynlock_pop(st) SKM_sk_pop(CRYPTO_dynlock, (st))
 #define sk_CRYPTO_dynlock_sort(st) SKM_sk_sort(CRYPTO_dynlock, (st))
@@ -696,7 +675,6 @@ DECLARE_SPECIAL_STACK_OF(BLOCK, void)
 #define sk_DIST_POINT_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(DIST_POINT, (st), (cmp))
 #define sk_DIST_POINT_dup(st) SKM_sk_dup(DIST_POINT, st)
 #define sk_DIST_POINT_pop_free(st, free_func) SKM_sk_pop_free(DIST_POINT, (st), (free_func))
-#define sk_DIST_POINT_free(st) SKM_sk_free(DIST_POINT, (st))
 #define sk_DIST_POINT_shift(st) SKM_sk_shift(DIST_POINT, (st))
 #define sk_DIST_POINT_pop(st) SKM_sk_pop(DIST_POINT, (st))
 #define sk_DIST_POINT_sort(st) SKM_sk_sort(DIST_POINT, (st))
@@ -719,7 +697,6 @@ DECLARE_SPECIAL_STACK_OF(BLOCK, void)
 #define sk_ENGINE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ENGINE, (st), (cmp))
 #define sk_ENGINE_dup(st) SKM_sk_dup(ENGINE, st)
 #define sk_ENGINE_pop_free(st, free_func) SKM_sk_pop_free(ENGINE, (st), (free_func))
-#define sk_ENGINE_free(st) SKM_sk_free(ENGINE, (st))
 #define sk_ENGINE_shift(st) SKM_sk_shift(ENGINE, (st))
 #define sk_ENGINE_pop(st) SKM_sk_pop(ENGINE, (st))
 #define sk_ENGINE_sort(st) SKM_sk_sort(ENGINE, (st))
@@ -742,7 +719,6 @@ DECLARE_SPECIAL_STACK_OF(BLOCK, void)
 #define sk_ENGINE_CLEANUP_ITEM_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ENGINE_CLEANUP_ITEM, (st), (cmp))
 #define sk_ENGINE_CLEANUP_ITEM_dup(st) SKM_sk_dup(ENGINE_CLEANUP_ITEM, st)
 #define sk_ENGINE_CLEANUP_ITEM_pop_free(st, free_func) SKM_sk_pop_free(ENGINE_CLEANUP_ITEM, (st), (free_func))
-#define sk_ENGINE_CLEANUP_ITEM_free(st) SKM_sk_free(ENGINE_CLEANUP_ITEM, (st))
 #define sk_ENGINE_CLEANUP_ITEM_shift(st) SKM_sk_shift(ENGINE_CLEANUP_ITEM, (st))
 #define sk_ENGINE_CLEANUP_ITEM_pop(st) SKM_sk_pop(ENGINE_CLEANUP_ITEM, (st))
 #define sk_ENGINE_CLEANUP_ITEM_sort(st) SKM_sk_sort(ENGINE_CLEANUP_ITEM, (st))
@@ -765,7 +741,6 @@ DECLARE_SPECIAL_STACK_OF(BLOCK, void)
 #define sk_ESS_CERT_ID_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ESS_CERT_ID, (st), (cmp))
 #define sk_ESS_CERT_ID_dup(st) SKM_sk_dup(ESS_CERT_ID, st)
 #define sk_ESS_CERT_ID_pop_free(st, free_func) SKM_sk_pop_free(ESS_CERT_ID, (st), (free_func))
-#define sk_ESS_CERT_ID_free(st) SKM_sk_free(ESS_CERT_ID, (st))
 #define sk_ESS_CERT_ID_shift(st) SKM_sk_shift(ESS_CERT_ID, (st))
 #define sk_ESS_CERT_ID_pop(st) SKM_sk_pop(ESS_CERT_ID, (st))
 #define sk_ESS_CERT_ID_sort(st) SKM_sk_sort(ESS_CERT_ID, (st))
@@ -788,7 +763,6 @@ DECLARE_SPECIAL_STACK_OF(BLOCK, void)
 #define sk_EVP_MD_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(EVP_MD, (st), (cmp))
 #define sk_EVP_MD_dup(st) SKM_sk_dup(EVP_MD, st)
 #define sk_EVP_MD_pop_free(st, free_func) SKM_sk_pop_free(EVP_MD, (st), (free_func))
-#define sk_EVP_MD_free(st) SKM_sk_free(EVP_MD, (st))
 #define sk_EVP_MD_shift(st) SKM_sk_shift(EVP_MD, (st))
 #define sk_EVP_MD_pop(st) SKM_sk_pop(EVP_MD, (st))
 #define sk_EVP_MD_sort(st) SKM_sk_sort(EVP_MD, (st))
@@ -811,7 +785,6 @@ DECLARE_SPECIAL_STACK_OF(BLOCK, void)
 #define sk_EVP_PBE_CTL_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(EVP_PBE_CTL, (st), (cmp))
 #define sk_EVP_PBE_CTL_dup(st) SKM_sk_dup(EVP_PBE_CTL, st)
 #define sk_EVP_PBE_CTL_pop_free(st, free_func) SKM_sk_pop_free(EVP_PBE_CTL, (st), (free_func))
-#define sk_EVP_PBE_CTL_free(st) SKM_sk_free(EVP_PBE_CTL, (st))
 #define sk_EVP_PBE_CTL_shift(st) SKM_sk_shift(EVP_PBE_CTL, (st))
 #define sk_EVP_PBE_CTL_pop(st) SKM_sk_pop(EVP_PBE_CTL, (st))
 #define sk_EVP_PBE_CTL_sort(st) SKM_sk_sort(EVP_PBE_CTL, (st))
@@ -834,7 +807,6 @@ DECLARE_SPECIAL_STACK_OF(BLOCK, void)
 #define sk_EVP_PKEY_ASN1_METHOD_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(EVP_PKEY_ASN1_METHOD, (st), (cmp))
 #define sk_EVP_PKEY_ASN1_METHOD_dup(st) SKM_sk_dup(EVP_PKEY_ASN1_METHOD, st)
 #define sk_EVP_PKEY_ASN1_METHOD_pop_free(st, free_func) SKM_sk_pop_free(EVP_PKEY_ASN1_METHOD, (st), (free_func))
-#define sk_EVP_PKEY_ASN1_METHOD_free(st) SKM_sk_free(EVP_PKEY_ASN1_METHOD, (st))
 #define sk_EVP_PKEY_ASN1_METHOD_shift(st) SKM_sk_shift(EVP_PKEY_ASN1_METHOD, (st))
 #define sk_EVP_PKEY_ASN1_METHOD_pop(st) SKM_sk_pop(EVP_PKEY_ASN1_METHOD, (st))
 #define sk_EVP_PKEY_ASN1_METHOD_sort(st) SKM_sk_sort(EVP_PKEY_ASN1_METHOD, (st))
@@ -857,7 +829,6 @@ DECLARE_SPECIAL_STACK_OF(BLOCK, void)
 #define sk_EVP_PKEY_METHOD_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(EVP_PKEY_METHOD, (st), (cmp))
 #define sk_EVP_PKEY_METHOD_dup(st) SKM_sk_dup(EVP_PKEY_METHOD, st)
 #define sk_EVP_PKEY_METHOD_pop_free(st, free_func) SKM_sk_pop_free(EVP_PKEY_METHOD, (st), (free_func))
-#define sk_EVP_PKEY_METHOD_free(st) SKM_sk_free(EVP_PKEY_METHOD, (st))
 #define sk_EVP_PKEY_METHOD_shift(st) SKM_sk_shift(EVP_PKEY_METHOD, (st))
 #define sk_EVP_PKEY_METHOD_pop(st) SKM_sk_pop(EVP_PKEY_METHOD, (st))
 #define sk_EVP_PKEY_METHOD_sort(st) SKM_sk_sort(EVP_PKEY_METHOD, (st))
@@ -880,7 +851,6 @@ DECLARE_SPECIAL_STACK_OF(BLOCK, void)
 #define sk_GENERAL_NAME_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(GENERAL_NAME, (st), (cmp))
 #define sk_GENERAL_NAME_dup(st) SKM_sk_dup(GENERAL_NAME, st)
 #define sk_GENERAL_NAME_pop_free(st, free_func) SKM_sk_pop_free(GENERAL_NAME, (st), (free_func))
-#define sk_GENERAL_NAME_free(st) SKM_sk_free(GENERAL_NAME, (st))
 #define sk_GENERAL_NAME_shift(st) SKM_sk_shift(GENERAL_NAME, (st))
 #define sk_GENERAL_NAME_pop(st) SKM_sk_pop(GENERAL_NAME, (st))
 #define sk_GENERAL_NAME_sort(st) SKM_sk_sort(GENERAL_NAME, (st))
@@ -903,7 +873,6 @@ DECLARE_SPECIAL_STACK_OF(BLOCK, void)
 #define sk_GENERAL_NAMES_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(GENERAL_NAMES, (st), (cmp))
 #define sk_GENERAL_NAMES_dup(st) SKM_sk_dup(GENERAL_NAMES, st)
 #define sk_GENERAL_NAMES_pop_free(st, free_func) SKM_sk_pop_free(GENERAL_NAMES, (st), (free_func))
-#define sk_GENERAL_NAMES_free(st) SKM_sk_free(GENERAL_NAMES, (st))
 #define sk_GENERAL_NAMES_shift(st) SKM_sk_shift(GENERAL_NAMES, (st))
 #define sk_GENERAL_NAMES_pop(st) SKM_sk_pop(GENERAL_NAMES, (st))
 #define sk_GENERAL_NAMES_sort(st) SKM_sk_sort(GENERAL_NAMES, (st))
@@ -926,7 +895,6 @@ DECLARE_SPECIAL_STACK_OF(BLOCK, void)
 #define sk_GENERAL_SUBTREE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(GENERAL_SUBTREE, (st), (cmp))
 #define sk_GENERAL_SUBTREE_dup(st) SKM_sk_dup(GENERAL_SUBTREE, st)
 #define sk_GENERAL_SUBTREE_pop_free(st, free_func) SKM_sk_pop_free(GENERAL_SUBTREE, (st), (free_func))
-#define sk_GENERAL_SUBTREE_free(st) SKM_sk_free(GENERAL_SUBTREE, (st))
 #define sk_GENERAL_SUBTREE_shift(st) SKM_sk_shift(GENERAL_SUBTREE, (st))
 #define sk_GENERAL_SUBTREE_pop(st) SKM_sk_pop(GENERAL_SUBTREE, (st))
 #define sk_GENERAL_SUBTREE_sort(st) SKM_sk_sort(GENERAL_SUBTREE, (st))
@@ -949,7 +917,6 @@ DECLARE_SPECIAL_STACK_OF(BLOCK, void)
 #define sk_IPAddressFamily_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(IPAddressFamily, (st), (cmp))
 #define sk_IPAddressFamily_dup(st) SKM_sk_dup(IPAddressFamily, st)
 #define sk_IPAddressFamily_pop_free(st, free_func) SKM_sk_pop_free(IPAddressFamily, (st), (free_func))
-#define sk_IPAddressFamily_free(st) SKM_sk_free(IPAddressFamily, (st))
 #define sk_IPAddressFamily_shift(st) SKM_sk_shift(IPAddressFamily, (st))
 #define sk_IPAddressFamily_pop(st) SKM_sk_pop(IPAddressFamily, (st))
 #define sk_IPAddressFamily_sort(st) SKM_sk_sort(IPAddressFamily, (st))
@@ -972,7 +939,6 @@ DECLARE_SPECIAL_STACK_OF(BLOCK, void)
 #define sk_IPAddressOrRange_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(IPAddressOrRange, (st), (cmp))
 #define sk_IPAddressOrRange_dup(st) SKM_sk_dup(IPAddressOrRange, st)
 #define sk_IPAddressOrRange_pop_free(st, free_func) SKM_sk_pop_free(IPAddressOrRange, (st), (free_func))
-#define sk_IPAddressOrRange_free(st) SKM_sk_free(IPAddressOrRange, (st))
 #define sk_IPAddressOrRange_shift(st) SKM_sk_shift(IPAddressOrRange, (st))
 #define sk_IPAddressOrRange_pop(st) SKM_sk_pop(IPAddressOrRange, (st))
 #define sk_IPAddressOrRange_sort(st) SKM_sk_sort(IPAddressOrRange, (st))
@@ -995,7 +961,6 @@ DECLARE_SPECIAL_STACK_OF(BLOCK, void)
 #define sk_KRB5_APREQBODY_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_APREQBODY, (st), (cmp))
 #define sk_KRB5_APREQBODY_dup(st) SKM_sk_dup(KRB5_APREQBODY, st)
 #define sk_KRB5_APREQBODY_pop_free(st, free_func) SKM_sk_pop_free(KRB5_APREQBODY, (st), (free_func))
-#define sk_KRB5_APREQBODY_free(st) SKM_sk_free(KRB5_APREQBODY, (st))
 #define sk_KRB5_APREQBODY_shift(st) SKM_sk_shift(KRB5_APREQBODY, (st))
 #define sk_KRB5_APREQBODY_pop(st) SKM_sk_pop(KRB5_APREQBODY, (st))
 #define sk_KRB5_APREQBODY_sort(st) SKM_sk_sort(KRB5_APREQBODY, (st))
@@ -1018,7 +983,6 @@ DECLARE_SPECIAL_STACK_OF(BLOCK, void)
 #define sk_KRB5_AUTHDATA_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_AUTHDATA, (st), (cmp))
 #define sk_KRB5_AUTHDATA_dup(st) SKM_sk_dup(KRB5_AUTHDATA, st)
 #define sk_KRB5_AUTHDATA_pop_free(st, free_func) SKM_sk_pop_free(KRB5_AUTHDATA, (st), (free_func))
-#define sk_KRB5_AUTHDATA_free(st) SKM_sk_free(KRB5_AUTHDATA, (st))
 #define sk_KRB5_AUTHDATA_shift(st) SKM_sk_shift(KRB5_AUTHDATA, (st))
 #define sk_KRB5_AUTHDATA_pop(st) SKM_sk_pop(KRB5_AUTHDATA, (st))
 #define sk_KRB5_AUTHDATA_sort(st) SKM_sk_sort(KRB5_AUTHDATA, (st))
@@ -1041,7 +1005,6 @@ DECLARE_SPECIAL_STACK_OF(BLOCK, void)
 #define sk_KRB5_AUTHENTBODY_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_AUTHENTBODY, (st), (cmp))
 #define sk_KRB5_AUTHENTBODY_dup(st) SKM_sk_dup(KRB5_AUTHENTBODY, st)
 #define sk_KRB5_AUTHENTBODY_pop_free(st, free_func) SKM_sk_pop_free(KRB5_AUTHENTBODY, (st), (free_func))
-#define sk_KRB5_AUTHENTBODY_free(st) SKM_sk_free(KRB5_AUTHENTBODY, (st))
 #define sk_KRB5_AUTHENTBODY_shift(st) SKM_sk_shift(KRB5_AUTHENTBODY, (st))
 #define sk_KRB5_AUTHENTBODY_pop(st) SKM_sk_pop(KRB5_AUTHENTBODY, (st))
 #define sk_KRB5_AUTHENTBODY_sort(st) SKM_sk_sort(KRB5_AUTHENTBODY, (st))
@@ -1064,7 +1027,6 @@ DECLARE_SPECIAL_STACK_OF(BLOCK, void)
 #define sk_KRB5_CHECKSUM_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_CHECKSUM, (st), (cmp))
 #define sk_KRB5_CHECKSUM_dup(st) SKM_sk_dup(KRB5_CHECKSUM, st)
 #define sk_KRB5_CHECKSUM_pop_free(st, free_func) SKM_sk_pop_free(KRB5_CHECKSUM, (st), (free_func))
-#define sk_KRB5_CHECKSUM_free(st) SKM_sk_free(KRB5_CHECKSUM, (st))
 #define sk_KRB5_CHECKSUM_shift(st) SKM_sk_shift(KRB5_CHECKSUM, (st))
 #define sk_KRB5_CHECKSUM_pop(st) SKM_sk_pop(KRB5_CHECKSUM, (st))
 #define sk_KRB5_CHECKSUM_sort(st) SKM_sk_sort(KRB5_CHECKSUM, (st))
@@ -1087,7 +1049,6 @@ DECLARE_SPECIAL_STACK_OF(BLOCK, void)
 #define sk_KRB5_ENCDATA_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_ENCDATA, (st), (cmp))
 #define sk_KRB5_ENCDATA_dup(st) SKM_sk_dup(KRB5_ENCDATA, st)
 #define sk_KRB5_ENCDATA_pop_free(st, free_func) SKM_sk_pop_free(KRB5_ENCDATA, (st), (free_func))
-#define sk_KRB5_ENCDATA_free(st) SKM_sk_free(KRB5_ENCDATA, (st))
 #define sk_KRB5_ENCDATA_shift(st) SKM_sk_shift(KRB5_ENCDATA, (st))
 #define sk_KRB5_ENCDATA_pop(st) SKM_sk_pop(KRB5_ENCDATA, (st))
 #define sk_KRB5_ENCDATA_sort(st) SKM_sk_sort(KRB5_ENCDATA, (st))
@@ -1110,7 +1071,6 @@ DECLARE_SPECIAL_STACK_OF(BLOCK, void)
 #define sk_KRB5_ENCKEY_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_ENCKEY, (st), (cmp))
 #define sk_KRB5_ENCKEY_dup(st) SKM_sk_dup(KRB5_ENCKEY, st)
 #define sk_KRB5_ENCKEY_pop_free(st, free_func) SKM_sk_pop_free(KRB5_ENCKEY, (st), (free_func))
-#define sk_KRB5_ENCKEY_free(st) SKM_sk_free(KRB5_ENCKEY, (st))
 #define sk_KRB5_ENCKEY_shift(st) SKM_sk_shift(KRB5_ENCKEY, (st))
 #define sk_KRB5_ENCKEY_pop(st) SKM_sk_pop(KRB5_ENCKEY, (st))
 #define sk_KRB5_ENCKEY_sort(st) SKM_sk_sort(KRB5_ENCKEY, (st))
@@ -1133,7 +1093,6 @@ DECLARE_SPECIAL_STACK_OF(BLOCK, void)
 #define sk_KRB5_PRINCNAME_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_PRINCNAME, (st), (cmp))
 #define sk_KRB5_PRINCNAME_dup(st) SKM_sk_dup(KRB5_PRINCNAME, st)
 #define sk_KRB5_PRINCNAME_pop_free(st, free_func) SKM_sk_pop_free(KRB5_PRINCNAME, (st), (free_func))
-#define sk_KRB5_PRINCNAME_free(st) SKM_sk_free(KRB5_PRINCNAME, (st))
 #define sk_KRB5_PRINCNAME_shift(st) SKM_sk_shift(KRB5_PRINCNAME, (st))
 #define sk_KRB5_PRINCNAME_pop(st) SKM_sk_pop(KRB5_PRINCNAME, (st))
 #define sk_KRB5_PRINCNAME_sort(st) SKM_sk_sort(KRB5_PRINCNAME, (st))
@@ -1156,7 +1115,6 @@ DECLARE_SPECIAL_STACK_OF(BLOCK, void)
 #define sk_KRB5_TKTBODY_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_TKTBODY, (st), (cmp))
 #define sk_KRB5_TKTBODY_dup(st) SKM_sk_dup(KRB5_TKTBODY, st)
 #define sk_KRB5_TKTBODY_pop_free(st, free_func) SKM_sk_pop_free(KRB5_TKTBODY, (st), (free_func))
-#define sk_KRB5_TKTBODY_free(st) SKM_sk_free(KRB5_TKTBODY, (st))
 #define sk_KRB5_TKTBODY_shift(st) SKM_sk_shift(KRB5_TKTBODY, (st))
 #define sk_KRB5_TKTBODY_pop(st) SKM_sk_pop(KRB5_TKTBODY, (st))
 #define sk_KRB5_TKTBODY_sort(st) SKM_sk_sort(KRB5_TKTBODY, (st))
@@ -1179,7 +1137,6 @@ DECLARE_SPECIAL_STACK_OF(BLOCK, void)
 #define sk_MEM_OBJECT_DATA_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(MEM_OBJECT_DATA, (st), (cmp))
 #define sk_MEM_OBJECT_DATA_dup(st) SKM_sk_dup(MEM_OBJECT_DATA, st)
 #define sk_MEM_OBJECT_DATA_pop_free(st, free_func) SKM_sk_pop_free(MEM_OBJECT_DATA, (st), (free_func))
-#define sk_MEM_OBJECT_DATA_free(st) SKM_sk_free(MEM_OBJECT_DATA, (st))
 #define sk_MEM_OBJECT_DATA_shift(st) SKM_sk_shift(MEM_OBJECT_DATA, (st))
 #define sk_MEM_OBJECT_DATA_pop(st) SKM_sk_pop(MEM_OBJECT_DATA, (st))
 #define sk_MEM_OBJECT_DATA_sort(st) SKM_sk_sort(MEM_OBJECT_DATA, (st))
@@ -1202,7 +1159,6 @@ DECLARE_SPECIAL_STACK_OF(BLOCK, void)
 #define sk_MIME_HEADER_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(MIME_HEADER, (st), (cmp))
 #define sk_MIME_HEADER_dup(st) SKM_sk_dup(MIME_HEADER, st)
 #define sk_MIME_HEADER_pop_free(st, free_func) SKM_sk_pop_free(MIME_HEADER, (st), (free_func))
-#define sk_MIME_HEADER_free(st) SKM_sk_free(MIME_HEADER, (st))
 #define sk_MIME_HEADER_shift(st) SKM_sk_shift(MIME_HEADER, (st))
 #define sk_MIME_HEADER_pop(st) SKM_sk_pop(MIME_HEADER, (st))
 #define sk_MIME_HEADER_sort(st) SKM_sk_sort(MIME_HEADER, (st))
@@ -1225,7 +1181,6 @@ DECLARE_SPECIAL_STACK_OF(BLOCK, void)
 #define sk_MIME_PARAM_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(MIME_PARAM, (st), (cmp))
 #define sk_MIME_PARAM_dup(st) SKM_sk_dup(MIME_PARAM, st)
 #define sk_MIME_PARAM_pop_free(st, free_func) SKM_sk_pop_free(MIME_PARAM, (st), (free_func))
-#define sk_MIME_PARAM_free(st) SKM_sk_free(MIME_PARAM, (st))
 #define sk_MIME_PARAM_shift(st) SKM_sk_shift(MIME_PARAM, (st))
 #define sk_MIME_PARAM_pop(st) SKM_sk_pop(MIME_PARAM, (st))
 #define sk_MIME_PARAM_sort(st) SKM_sk_sort(MIME_PARAM, (st))
@@ -1248,7 +1203,6 @@ DECLARE_SPECIAL_STACK_OF(BLOCK, void)
 #define sk_NAME_FUNCS_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(NAME_FUNCS, (st), (cmp))
 #define sk_NAME_FUNCS_dup(st) SKM_sk_dup(NAME_FUNCS, st)
 #define sk_NAME_FUNCS_pop_free(st, free_func) SKM_sk_pop_free(NAME_FUNCS, (st), (free_func))
-#define sk_NAME_FUNCS_free(st) SKM_sk_free(NAME_FUNCS, (st))
 #define sk_NAME_FUNCS_shift(st) SKM_sk_shift(NAME_FUNCS, (st))
 #define sk_NAME_FUNCS_pop(st) SKM_sk_pop(NAME_FUNCS, (st))
 #define sk_NAME_FUNCS_sort(st) SKM_sk_sort(NAME_FUNCS, (st))
@@ -1271,7 +1225,6 @@ DECLARE_SPECIAL_STACK_OF(BLOCK, void)
 #define sk_OCSP_CERTID_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(OCSP_CERTID, (st), (cmp))
 #define sk_OCSP_CERTID_dup(st) SKM_sk_dup(OCSP_CERTID, st)
 #define sk_OCSP_CERTID_pop_free(st, free_func) SKM_sk_pop_free(OCSP_CERTID, (st), (free_func))
-#define sk_OCSP_CERTID_free(st) SKM_sk_free(OCSP_CERTID, (st))
 #define sk_OCSP_CERTID_shift(st) SKM_sk_shift(OCSP_CERTID, (st))
 #define sk_OCSP_CERTID_pop(st) SKM_sk_pop(OCSP_CERTID, (st))
 #define sk_OCSP_CERTID_sort(st) SKM_sk_sort(OCSP_CERTID, (st))
@@ -1294,7 +1247,6 @@ DECLARE_SPECIAL_STACK_OF(BLOCK, void)
 #define sk_OCSP_ONEREQ_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(OCSP_ONEREQ, (st), (cmp))
 #define sk_OCSP_ONEREQ_dup(st) SKM_sk_dup(OCSP_ONEREQ, st)
 #define sk_OCSP_ONEREQ_pop_free(st, free_func) SKM_sk_pop_free(OCSP_ONEREQ, (st), (free_func))
-#define sk_OCSP_ONEREQ_free(st) SKM_sk_free(OCSP_ONEREQ, (st))
 #define sk_OCSP_ONEREQ_shift(st) SKM_sk_shift(OCSP_ONEREQ, (st))
 #define sk_OCSP_ONEREQ_pop(st) SKM_sk_pop(OCSP_ONEREQ, (st))
 #define sk_OCSP_ONEREQ_sort(st) SKM_sk_sort(OCSP_ONEREQ, (st))
@@ -1317,7 +1269,6 @@ DECLARE_SPECIAL_STACK_OF(BLOCK, void)
 #define sk_OCSP_RESPID_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(OCSP_RESPID, (st), (cmp))
 #define sk_OCSP_RESPID_dup(st) SKM_sk_dup(OCSP_RESPID, st)
 #define sk_OCSP_RESPID_pop_free(st, free_func) SKM_sk_pop_free(OCSP_RESPID, (st), (free_func))
-#define sk_OCSP_RESPID_free(st) SKM_sk_free(OCSP_RESPID, (st))
 #define sk_OCSP_RESPID_shift(st) SKM_sk_shift(OCSP_RESPID, (st))
 #define sk_OCSP_RESPID_pop(st) SKM_sk_pop(OCSP_RESPID, (st))
 #define sk_OCSP_RESPID_sort(st) SKM_sk_sort(OCSP_RESPID, (st))
@@ -1340,7 +1291,6 @@ DECLARE_SPECIAL_STACK_OF(BLOCK, void)
 #define sk_OCSP_SINGLERESP_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(OCSP_SINGLERESP, (st), (cmp))
 #define sk_OCSP_SINGLERESP_dup(st) SKM_sk_dup(OCSP_SINGLERESP, st)
 #define sk_OCSP_SINGLERESP_pop_free(st, free_func) SKM_sk_pop_free(OCSP_SINGLERESP, (st), (free_func))
-#define sk_OCSP_SINGLERESP_free(st) SKM_sk_free(OCSP_SINGLERESP, (st))
 #define sk_OCSP_SINGLERESP_shift(st) SKM_sk_shift(OCSP_SINGLERESP, (st))
 #define sk_OCSP_SINGLERESP_pop(st) SKM_sk_pop(OCSP_SINGLERESP, (st))
 #define sk_OCSP_SINGLERESP_sort(st) SKM_sk_sort(OCSP_SINGLERESP, (st))
@@ -1363,7 +1313,6 @@ DECLARE_SPECIAL_STACK_OF(BLOCK, void)
 #define sk_PKCS12_SAFEBAG_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(PKCS12_SAFEBAG, (st), (cmp))
 #define sk_PKCS12_SAFEBAG_dup(st) SKM_sk_dup(PKCS12_SAFEBAG, st)
 #define sk_PKCS12_SAFEBAG_pop_free(st, free_func) SKM_sk_pop_free(PKCS12_SAFEBAG, (st), (free_func))
-#define sk_PKCS12_SAFEBAG_free(st) SKM_sk_free(PKCS12_SAFEBAG, (st))
 #define sk_PKCS12_SAFEBAG_shift(st) SKM_sk_shift(PKCS12_SAFEBAG, (st))
 #define sk_PKCS12_SAFEBAG_pop(st) SKM_sk_pop(PKCS12_SAFEBAG, (st))
 #define sk_PKCS12_SAFEBAG_sort(st) SKM_sk_sort(PKCS12_SAFEBAG, (st))
@@ -1386,7 +1335,6 @@ DECLARE_SPECIAL_STACK_OF(BLOCK, void)
 #define sk_PKCS7_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(PKCS7, (st), (cmp))
 #define sk_PKCS7_dup(st) SKM_sk_dup(PKCS7, st)
 #define sk_PKCS7_pop_free(st, free_func) SKM_sk_pop_free(PKCS7, (st), (free_func))
-#define sk_PKCS7_free(st) SKM_sk_free(PKCS7, (st))
 #define sk_PKCS7_shift(st) SKM_sk_shift(PKCS7, (st))
 #define sk_PKCS7_pop(st) SKM_sk_pop(PKCS7, (st))
 #define sk_PKCS7_sort(st) SKM_sk_sort(PKCS7, (st))
@@ -1409,7 +1357,6 @@ DECLARE_SPECIAL_STACK_OF(BLOCK, void)
 #define sk_PKCS7_RECIP_INFO_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(PKCS7_RECIP_INFO, (st), (cmp))
 #define sk_PKCS7_RECIP_INFO_dup(st) SKM_sk_dup(PKCS7_RECIP_INFO, st)
 #define sk_PKCS7_RECIP_INFO_pop_free(st, free_func) SKM_sk_pop_free(PKCS7_RECIP_INFO, (st), (free_func))
-#define sk_PKCS7_RECIP_INFO_free(st) SKM_sk_free(PKCS7_RECIP_INFO, (st))
 #define sk_PKCS7_RECIP_INFO_shift(st) SKM_sk_shift(PKCS7_RECIP_INFO, (st))
 #define sk_PKCS7_RECIP_INFO_pop(st) SKM_sk_pop(PKCS7_RECIP_INFO, (st))
 #define sk_PKCS7_RECIP_INFO_sort(st) SKM_sk_sort(PKCS7_RECIP_INFO, (st))
@@ -1432,7 +1379,6 @@ DECLARE_SPECIAL_STACK_OF(BLOCK, void)
 #define sk_PKCS7_SIGNER_INFO_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(PKCS7_SIGNER_INFO, (st), (cmp))
 #define sk_PKCS7_SIGNER_INFO_dup(st) SKM_sk_dup(PKCS7_SIGNER_INFO, st)
 #define sk_PKCS7_SIGNER_INFO_pop_free(st, free_func) SKM_sk_pop_free(PKCS7_SIGNER_INFO, (st), (free_func))
-#define sk_PKCS7_SIGNER_INFO_free(st) SKM_sk_free(PKCS7_SIGNER_INFO, (st))
 #define sk_PKCS7_SIGNER_INFO_shift(st) SKM_sk_shift(PKCS7_SIGNER_INFO, (st))
 #define sk_PKCS7_SIGNER_INFO_pop(st) SKM_sk_pop(PKCS7_SIGNER_INFO, (st))
 #define sk_PKCS7_SIGNER_INFO_sort(st) SKM_sk_sort(PKCS7_SIGNER_INFO, (st))
@@ -1455,7 +1401,6 @@ DECLARE_SPECIAL_STACK_OF(BLOCK, void)
 #define sk_POLICYINFO_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(POLICYINFO, (st), (cmp))
 #define sk_POLICYINFO_dup(st) SKM_sk_dup(POLICYINFO, st)
 #define sk_POLICYINFO_pop_free(st, free_func) SKM_sk_pop_free(POLICYINFO, (st), (free_func))
-#define sk_POLICYINFO_free(st) SKM_sk_free(POLICYINFO, (st))
 #define sk_POLICYINFO_shift(st) SKM_sk_shift(POLICYINFO, (st))
 #define sk_POLICYINFO_pop(st) SKM_sk_pop(POLICYINFO, (st))
 #define sk_POLICYINFO_sort(st) SKM_sk_sort(POLICYINFO, (st))
@@ -1478,7 +1423,6 @@ DECLARE_SPECIAL_STACK_OF(BLOCK, void)
 #define sk_POLICYQUALINFO_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(POLICYQUALINFO, (st), (cmp))
 #define sk_POLICYQUALINFO_dup(st) SKM_sk_dup(POLICYQUALINFO, st)
 #define sk_POLICYQUALINFO_pop_free(st, free_func) SKM_sk_pop_free(POLICYQUALINFO, (st), (free_func))
-#define sk_POLICYQUALINFO_free(st) SKM_sk_free(POLICYQUALINFO, (st))
 #define sk_POLICYQUALINFO_shift(st) SKM_sk_shift(POLICYQUALINFO, (st))
 #define sk_POLICYQUALINFO_pop(st) SKM_sk_pop(POLICYQUALINFO, (st))
 #define sk_POLICYQUALINFO_sort(st) SKM_sk_sort(POLICYQUALINFO, (st))
@@ -1501,7 +1445,6 @@ DECLARE_SPECIAL_STACK_OF(BLOCK, void)
 #define sk_POLICY_MAPPING_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(POLICY_MAPPING, (st), (cmp))
 #define sk_POLICY_MAPPING_dup(st) SKM_sk_dup(POLICY_MAPPING, st)
 #define sk_POLICY_MAPPING_pop_free(st, free_func) SKM_sk_pop_free(POLICY_MAPPING, (st), (free_func))
-#define sk_POLICY_MAPPING_free(st) SKM_sk_free(POLICY_MAPPING, (st))
 #define sk_POLICY_MAPPING_shift(st) SKM_sk_shift(POLICY_MAPPING, (st))
 #define sk_POLICY_MAPPING_pop(st) SKM_sk_pop(POLICY_MAPPING, (st))
 #define sk_POLICY_MAPPING_sort(st) SKM_sk_sort(POLICY_MAPPING, (st))
@@ -1524,7 +1467,6 @@ DECLARE_SPECIAL_STACK_OF(BLOCK, void)
 #define sk_SSL_CIPHER_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(SSL_CIPHER, (st), (cmp))
 #define sk_SSL_CIPHER_dup(st) SKM_sk_dup(SSL_CIPHER, st)
 #define sk_SSL_CIPHER_pop_free(st, free_func) SKM_sk_pop_free(SSL_CIPHER, (st), (free_func))
-#define sk_SSL_CIPHER_free(st) SKM_sk_free(SSL_CIPHER, (st))
 #define sk_SSL_CIPHER_shift(st) SKM_sk_shift(SSL_CIPHER, (st))
 #define sk_SSL_CIPHER_pop(st) SKM_sk_pop(SSL_CIPHER, (st))
 #define sk_SSL_CIPHER_sort(st) SKM_sk_sort(SSL_CIPHER, (st))
@@ -1547,7 +1489,6 @@ DECLARE_SPECIAL_STACK_OF(BLOCK, void)
 #define sk_SSL_COMP_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(SSL_COMP, (st), (cmp))
 #define sk_SSL_COMP_dup(st) SKM_sk_dup(SSL_COMP, st)
 #define sk_SSL_COMP_pop_free(st, free_func) SKM_sk_pop_free(SSL_COMP, (st), (free_func))
-#define sk_SSL_COMP_free(st) SKM_sk_free(SSL_COMP, (st))
 #define sk_SSL_COMP_shift(st) SKM_sk_shift(SSL_COMP, (st))
 #define sk_SSL_COMP_pop(st) SKM_sk_pop(SSL_COMP, (st))
 #define sk_SSL_COMP_sort(st) SKM_sk_sort(SSL_COMP, (st))
@@ -1570,7 +1511,6 @@ DECLARE_SPECIAL_STACK_OF(BLOCK, void)
 #define sk_STACK_OF_X509_NAME_ENTRY_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(STACK_OF_X509_NAME_ENTRY, (st), (cmp))
 #define sk_STACK_OF_X509_NAME_ENTRY_dup(st) SKM_sk_dup(STACK_OF_X509_NAME_ENTRY, st)
 #define sk_STACK_OF_X509_NAME_ENTRY_pop_free(st, free_func) SKM_sk_pop_free(STACK_OF_X509_NAME_ENTRY, (st), (free_func))
-#define sk_STACK_OF_X509_NAME_ENTRY_free(st) SKM_sk_free(STACK_OF_X509_NAME_ENTRY, (st))
 #define sk_STACK_OF_X509_NAME_ENTRY_shift(st) SKM_sk_shift(STACK_OF_X509_NAME_ENTRY, (st))
 #define sk_STACK_OF_X509_NAME_ENTRY_pop(st) SKM_sk_pop(STACK_OF_X509_NAME_ENTRY, (st))
 #define sk_STACK_OF_X509_NAME_ENTRY_sort(st) SKM_sk_sort(STACK_OF_X509_NAME_ENTRY, (st))
@@ -1593,7 +1533,6 @@ DECLARE_SPECIAL_STACK_OF(BLOCK, void)
 #define sk_STORE_ATTR_INFO_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(STORE_ATTR_INFO, (st), (cmp))
 #define sk_STORE_ATTR_INFO_dup(st) SKM_sk_dup(STORE_ATTR_INFO, st)
 #define sk_STORE_ATTR_INFO_pop_free(st, free_func) SKM_sk_pop_free(STORE_ATTR_INFO, (st), (free_func))
-#define sk_STORE_ATTR_INFO_free(st) SKM_sk_free(STORE_ATTR_INFO, (st))
 #define sk_STORE_ATTR_INFO_shift(st) SKM_sk_shift(STORE_ATTR_INFO, (st))
 #define sk_STORE_ATTR_INFO_pop(st) SKM_sk_pop(STORE_ATTR_INFO, (st))
 #define sk_STORE_ATTR_INFO_sort(st) SKM_sk_sort(STORE_ATTR_INFO, (st))
@@ -1616,7 +1555,6 @@ DECLARE_SPECIAL_STACK_OF(BLOCK, void)
 #define sk_STORE_OBJECT_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(STORE_OBJECT, (st), (cmp))
 #define sk_STORE_OBJECT_dup(st) SKM_sk_dup(STORE_OBJECT, st)
 #define sk_STORE_OBJECT_pop_free(st, free_func) SKM_sk_pop_free(STORE_OBJECT, (st), (free_func))
-#define sk_STORE_OBJECT_free(st) SKM_sk_free(STORE_OBJECT, (st))
 #define sk_STORE_OBJECT_shift(st) SKM_sk_shift(STORE_OBJECT, (st))
 #define sk_STORE_OBJECT_pop(st) SKM_sk_pop(STORE_OBJECT, (st))
 #define sk_STORE_OBJECT_sort(st) SKM_sk_sort(STORE_OBJECT, (st))
@@ -1639,7 +1577,6 @@ DECLARE_SPECIAL_STACK_OF(BLOCK, void)
 #define sk_SXNETID_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(SXNETID, (st), (cmp))
 #define sk_SXNETID_dup(st) SKM_sk_dup(SXNETID, st)
 #define sk_SXNETID_pop_free(st, free_func) SKM_sk_pop_free(SXNETID, (st), (free_func))
-#define sk_SXNETID_free(st) SKM_sk_free(SXNETID, (st))
 #define sk_SXNETID_shift(st) SKM_sk_shift(SXNETID, (st))
 #define sk_SXNETID_pop(st) SKM_sk_pop(SXNETID, (st))
 #define sk_SXNETID_sort(st) SKM_sk_sort(SXNETID, (st))
@@ -1662,7 +1599,6 @@ DECLARE_SPECIAL_STACK_OF(BLOCK, void)
 #define sk_UI_STRING_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(UI_STRING, (st), (cmp))
 #define sk_UI_STRING_dup(st) SKM_sk_dup(UI_STRING, st)
 #define sk_UI_STRING_pop_free(st, free_func) SKM_sk_pop_free(UI_STRING, (st), (free_func))
-#define sk_UI_STRING_free(st) SKM_sk_free(UI_STRING, (st))
 #define sk_UI_STRING_shift(st) SKM_sk_shift(UI_STRING, (st))
 #define sk_UI_STRING_pop(st) SKM_sk_pop(UI_STRING, (st))
 #define sk_UI_STRING_sort(st) SKM_sk_sort(UI_STRING, (st))
@@ -1685,7 +1621,6 @@ DECLARE_SPECIAL_STACK_OF(BLOCK, void)
 #define sk_X509_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509, (st), (cmp))
 #define sk_X509_dup(st) SKM_sk_dup(X509, st)
 #define sk_X509_pop_free(st, free_func) SKM_sk_pop_free(X509, (st), (free_func))
-#define sk_X509_free(st) SKM_sk_free(X509, (st))
 #define sk_X509_shift(st) SKM_sk_shift(X509, (st))
 #define sk_X509_pop(st) SKM_sk_pop(X509, (st))
 #define sk_X509_sort(st) SKM_sk_sort(X509, (st))
@@ -1708,7 +1643,6 @@ DECLARE_SPECIAL_STACK_OF(BLOCK, void)
 #define sk_X509V3_EXT_METHOD_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509V3_EXT_METHOD, (st), (cmp))
 #define sk_X509V3_EXT_METHOD_dup(st) SKM_sk_dup(X509V3_EXT_METHOD, st)
 #define sk_X509V3_EXT_METHOD_pop_free(st, free_func) SKM_sk_pop_free(X509V3_EXT_METHOD, (st), (free_func))
-#define sk_X509V3_EXT_METHOD_free(st) SKM_sk_free(X509V3_EXT_METHOD, (st))
 #define sk_X509V3_EXT_METHOD_shift(st) SKM_sk_shift(X509V3_EXT_METHOD, (st))
 #define sk_X509V3_EXT_METHOD_pop(st) SKM_sk_pop(X509V3_EXT_METHOD, (st))
 #define sk_X509V3_EXT_METHOD_sort(st) SKM_sk_sort(X509V3_EXT_METHOD, (st))
@@ -1731,7 +1665,6 @@ DECLARE_SPECIAL_STACK_OF(BLOCK, void)
 #define sk_X509_ALGOR_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_ALGOR, (st), (cmp))
 #define sk_X509_ALGOR_dup(st) SKM_sk_dup(X509_ALGOR, st)
 #define sk_X509_ALGOR_pop_free(st, free_func) SKM_sk_pop_free(X509_ALGOR, (st), (free_func))
-#define sk_X509_ALGOR_free(st) SKM_sk_free(X509_ALGOR, (st))
 #define sk_X509_ALGOR_shift(st) SKM_sk_shift(X509_ALGOR, (st))
 #define sk_X509_ALGOR_pop(st) SKM_sk_pop(X509_ALGOR, (st))
 #define sk_X509_ALGOR_sort(st) SKM_sk_sort(X509_ALGOR, (st))
@@ -1754,7 +1687,6 @@ DECLARE_SPECIAL_STACK_OF(BLOCK, void)
 #define sk_X509_ATTRIBUTE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_ATTRIBUTE, (st), (cmp))
 #define sk_X509_ATTRIBUTE_dup(st) SKM_sk_dup(X509_ATTRIBUTE, st)
 #define sk_X509_ATTRIBUTE_pop_free(st, free_func) SKM_sk_pop_free(X509_ATTRIBUTE, (st), (free_func))
-#define sk_X509_ATTRIBUTE_free(st) SKM_sk_free(X509_ATTRIBUTE, (st))
 #define sk_X509_ATTRIBUTE_shift(st) SKM_sk_shift(X509_ATTRIBUTE, (st))
 #define sk_X509_ATTRIBUTE_pop(st) SKM_sk_pop(X509_ATTRIBUTE, (st))
 #define sk_X509_ATTRIBUTE_sort(st) SKM_sk_sort(X509_ATTRIBUTE, (st))
@@ -1777,7 +1709,6 @@ DECLARE_SPECIAL_STACK_OF(BLOCK, void)
 #define sk_X509_CRL_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_CRL, (st), (cmp))
 #define sk_X509_CRL_dup(st) SKM_sk_dup(X509_CRL, st)
 #define sk_X509_CRL_pop_free(st, free_func) SKM_sk_pop_free(X509_CRL, (st), (free_func))
-#define sk_X509_CRL_free(st) SKM_sk_free(X509_CRL, (st))
 #define sk_X509_CRL_shift(st) SKM_sk_shift(X509_CRL, (st))
 #define sk_X509_CRL_pop(st) SKM_sk_pop(X509_CRL, (st))
 #define sk_X509_CRL_sort(st) SKM_sk_sort(X509_CRL, (st))
@@ -1800,7 +1731,6 @@ DECLARE_SPECIAL_STACK_OF(BLOCK, void)
 #define sk_X509_EXTENSION_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_EXTENSION, (st), (cmp))
 #define sk_X509_EXTENSION_dup(st) SKM_sk_dup(X509_EXTENSION, st)
 #define sk_X509_EXTENSION_pop_free(st, free_func) SKM_sk_pop_free(X509_EXTENSION, (st), (free_func))
-#define sk_X509_EXTENSION_free(st) SKM_sk_free(X509_EXTENSION, (st))
 #define sk_X509_EXTENSION_shift(st) SKM_sk_shift(X509_EXTENSION, (st))
 #define sk_X509_EXTENSION_pop(st) SKM_sk_pop(X509_EXTENSION, (st))
 #define sk_X509_EXTENSION_sort(st) SKM_sk_sort(X509_EXTENSION, (st))
@@ -1823,7 +1753,6 @@ DECLARE_SPECIAL_STACK_OF(BLOCK, void)
 #define sk_X509_INFO_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_INFO, (st), (cmp))
 #define sk_X509_INFO_dup(st) SKM_sk_dup(X509_INFO, st)
 #define sk_X509_INFO_pop_free(st, free_func) SKM_sk_pop_free(X509_INFO, (st), (free_func))
-#define sk_X509_INFO_free(st) SKM_sk_free(X509_INFO, (st))
 #define sk_X509_INFO_shift(st) SKM_sk_shift(X509_INFO, (st))
 #define sk_X509_INFO_pop(st) SKM_sk_pop(X509_INFO, (st))
 #define sk_X509_INFO_sort(st) SKM_sk_sort(X509_INFO, (st))
@@ -1846,7 +1775,6 @@ DECLARE_SPECIAL_STACK_OF(BLOCK, void)
 #define sk_X509_LOOKUP_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_LOOKUP, (st), (cmp))
 #define sk_X509_LOOKUP_dup(st) SKM_sk_dup(X509_LOOKUP, st)
 #define sk_X509_LOOKUP_pop_free(st, free_func) SKM_sk_pop_free(X509_LOOKUP, (st), (free_func))
-#define sk_X509_LOOKUP_free(st) SKM_sk_free(X509_LOOKUP, (st))
 #define sk_X509_LOOKUP_shift(st) SKM_sk_shift(X509_LOOKUP, (st))
 #define sk_X509_LOOKUP_pop(st) SKM_sk_pop(X509_LOOKUP, (st))
 #define sk_X509_LOOKUP_sort(st) SKM_sk_sort(X509_LOOKUP, (st))
@@ -1869,7 +1797,6 @@ DECLARE_SPECIAL_STACK_OF(BLOCK, void)
 #define sk_X509_NAME_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_NAME, (st), (cmp))
 #define sk_X509_NAME_dup(st) SKM_sk_dup(X509_NAME, st)
 #define sk_X509_NAME_pop_free(st, free_func) SKM_sk_pop_free(X509_NAME, (st), (free_func))
-#define sk_X509_NAME_free(st) SKM_sk_free(X509_NAME, (st))
 #define sk_X509_NAME_shift(st) SKM_sk_shift(X509_NAME, (st))
 #define sk_X509_NAME_pop(st) SKM_sk_pop(X509_NAME, (st))
 #define sk_X509_NAME_sort(st) SKM_sk_sort(X509_NAME, (st))
@@ -1892,7 +1819,6 @@ DECLARE_SPECIAL_STACK_OF(BLOCK, void)
 #define sk_X509_NAME_ENTRY_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_NAME_ENTRY, (st), (cmp))
 #define sk_X509_NAME_ENTRY_dup(st) SKM_sk_dup(X509_NAME_ENTRY, st)
 #define sk_X509_NAME_ENTRY_pop_free(st, free_func) SKM_sk_pop_free(X509_NAME_ENTRY, (st), (free_func))
-#define sk_X509_NAME_ENTRY_free(st) SKM_sk_free(X509_NAME_ENTRY, (st))
 #define sk_X509_NAME_ENTRY_shift(st) SKM_sk_shift(X509_NAME_ENTRY, (st))
 #define sk_X509_NAME_ENTRY_pop(st) SKM_sk_pop(X509_NAME_ENTRY, (st))
 #define sk_X509_NAME_ENTRY_sort(st) SKM_sk_sort(X509_NAME_ENTRY, (st))
@@ -1915,7 +1841,6 @@ DECLARE_SPECIAL_STACK_OF(BLOCK, void)
 #define sk_X509_OBJECT_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_OBJECT, (st), (cmp))
 #define sk_X509_OBJECT_dup(st) SKM_sk_dup(X509_OBJECT, st)
 #define sk_X509_OBJECT_pop_free(st, free_func) SKM_sk_pop_free(X509_OBJECT, (st), (free_func))
-#define sk_X509_OBJECT_free(st) SKM_sk_free(X509_OBJECT, (st))
 #define sk_X509_OBJECT_shift(st) SKM_sk_shift(X509_OBJECT, (st))
 #define sk_X509_OBJECT_pop(st) SKM_sk_pop(X509_OBJECT, (st))
 #define sk_X509_OBJECT_sort(st) SKM_sk_sort(X509_OBJECT, (st))
@@ -1938,7 +1863,6 @@ DECLARE_SPECIAL_STACK_OF(BLOCK, void)
 #define sk_X509_POLICY_DATA_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_POLICY_DATA, (st), (cmp))
 #define sk_X509_POLICY_DATA_dup(st) SKM_sk_dup(X509_POLICY_DATA, st)
 #define sk_X509_POLICY_DATA_pop_free(st, free_func) SKM_sk_pop_free(X509_POLICY_DATA, (st), (free_func))
-#define sk_X509_POLICY_DATA_free(st) SKM_sk_free(X509_POLICY_DATA, (st))
 #define sk_X509_POLICY_DATA_shift(st) SKM_sk_shift(X509_POLICY_DATA, (st))
 #define sk_X509_POLICY_DATA_pop(st) SKM_sk_pop(X509_POLICY_DATA, (st))
 #define sk_X509_POLICY_DATA_sort(st) SKM_sk_sort(X509_POLICY_DATA, (st))
@@ -1961,35 +1885,11 @@ DECLARE_SPECIAL_STACK_OF(BLOCK, void)
 #define sk_X509_POLICY_NODE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_POLICY_NODE, (st), (cmp))
 #define sk_X509_POLICY_NODE_dup(st) SKM_sk_dup(X509_POLICY_NODE, st)
 #define sk_X509_POLICY_NODE_pop_free(st, free_func) SKM_sk_pop_free(X509_POLICY_NODE, (st), (free_func))
-#define sk_X509_POLICY_NODE_free(st) SKM_sk_free(X509_POLICY_NODE, (st))
 #define sk_X509_POLICY_NODE_shift(st) SKM_sk_shift(X509_POLICY_NODE, (st))
 #define sk_X509_POLICY_NODE_pop(st) SKM_sk_pop(X509_POLICY_NODE, (st))
 #define sk_X509_POLICY_NODE_sort(st) SKM_sk_sort(X509_POLICY_NODE, (st))
 #define sk_X509_POLICY_NODE_is_sorted(st) SKM_sk_is_sorted(X509_POLICY_NODE, (st))

-#define sk_X509_POLICY_REF_new(cmp) SKM_sk_new(X509_POLICY_REF, (cmp))
-#define sk_X509_POLICY_REF_new_null() SKM_sk_new_null(X509_POLICY_REF)
-#define sk_X509_POLICY_REF_free(st) SKM_sk_free(X509_POLICY_REF, (st))
-#define sk_X509_POLICY_REF_num(st) SKM_sk_num(X509_POLICY_REF, (st))
-#define sk_X509_POLICY_REF_value(st, i) SKM_sk_value(X509_POLICY_REF, (st), (i))
-#define sk_X509_POLICY_REF_set(st, i, val) SKM_sk_set(X509_POLICY_REF, (st), (i), (val))
-#define sk_X509_POLICY_REF_zero(st) SKM_sk_zero(X509_POLICY_REF, (st))
-#define sk_X509_POLICY_REF_push(st, val) SKM_sk_push(X509_POLICY_REF, (st), (val))
-#define sk_X509_POLICY_REF_unshift(st, val) SKM_sk_unshift(X509_POLICY_REF, (st), (val))
-#define sk_X509_POLICY_REF_find(st, val) SKM_sk_find(X509_POLICY_REF, (st), (val))
-#define sk_X509_POLICY_REF_find_ex(st, val) SKM_sk_find_ex(X509_POLICY_REF, (st), (val))
-#define sk_X509_POLICY_REF_delete(st, i) SKM_sk_delete(X509_POLICY_REF, (st), (i))
-#define sk_X509_POLICY_REF_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_POLICY_REF, (st), (ptr))
-#define sk_X509_POLICY_REF_insert(st, val, i) SKM_sk_insert(X509_POLICY_REF, (st), (val), (i))
-#define sk_X509_POLICY_REF_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_POLICY_REF, (st), (cmp))
-#define sk_X509_POLICY_REF_dup(st) SKM_sk_dup(X509_POLICY_REF, st)
-#define sk_X509_POLICY_REF_pop_free(st, free_func) SKM_sk_pop_free(X509_POLICY_REF, (st), (free_func))
-#define sk_X509_POLICY_REF_free(st) SKM_sk_free(X509_POLICY_REF, (st))
-#define sk_X509_POLICY_REF_shift(st) SKM_sk_shift(X509_POLICY_REF, (st))
-#define sk_X509_POLICY_REF_pop(st) SKM_sk_pop(X509_POLICY_REF, (st))
-#define sk_X509_POLICY_REF_sort(st) SKM_sk_sort(X509_POLICY_REF, (st))
-#define sk_X509_POLICY_REF_is_sorted(st) SKM_sk_is_sorted(X509_POLICY_REF, (st))
-
 #define sk_X509_PURPOSE_new(cmp) SKM_sk_new(X509_PURPOSE, (cmp))
 #define sk_X509_PURPOSE_new_null() SKM_sk_new_null(X509_PURPOSE)
 #define sk_X509_PURPOSE_free(st) SKM_sk_free(X509_PURPOSE, (st))
@@ -2007,7 +1907,6 @@ DECLARE_SPECIAL_STACK_OF(BLOCK, void)
 #define sk_X509_PURPOSE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_PURPOSE, (st), (cmp))
 #define sk_X509_PURPOSE_dup(st) SKM_sk_dup(X509_PURPOSE, st)
 #define sk_X509_PURPOSE_pop_free(st, free_func) SKM_sk_pop_free(X509_PURPOSE, (st), (free_func))
-#define sk_X509_PURPOSE_free(st) SKM_sk_free(X509_PURPOSE, (st))
 #define sk_X509_PURPOSE_shift(st) SKM_sk_shift(X509_PURPOSE, (st))
 #define sk_X509_PURPOSE_pop(st) SKM_sk_pop(X509_PURPOSE, (st))
 #define sk_X509_PURPOSE_sort(st) SKM_sk_sort(X509_PURPOSE, (st))
@@ -2030,7 +1929,6 @@ DECLARE_SPECIAL_STACK_OF(BLOCK, void)
 #define sk_X509_REVOKED_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_REVOKED, (st), (cmp))
 #define sk_X509_REVOKED_dup(st) SKM_sk_dup(X509_REVOKED, st)
 #define sk_X509_REVOKED_pop_free(st, free_func) SKM_sk_pop_free(X509_REVOKED, (st), (free_func))
-#define sk_X509_REVOKED_free(st) SKM_sk_free(X509_REVOKED, (st))
 #define sk_X509_REVOKED_shift(st) SKM_sk_shift(X509_REVOKED, (st))
 #define sk_X509_REVOKED_pop(st) SKM_sk_pop(X509_REVOKED, (st))
 #define sk_X509_REVOKED_sort(st) SKM_sk_sort(X509_REVOKED, (st))
@@ -2053,7 +1951,6 @@ DECLARE_SPECIAL_STACK_OF(BLOCK, void)
 #define sk_X509_TRUST_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_TRUST, (st), (cmp))
 #define sk_X509_TRUST_dup(st) SKM_sk_dup(X509_TRUST, st)
 #define sk_X509_TRUST_pop_free(st, free_func) SKM_sk_pop_free(X509_TRUST, (st), (free_func))
-#define sk_X509_TRUST_free(st) SKM_sk_free(X509_TRUST, (st))
 #define sk_X509_TRUST_shift(st) SKM_sk_shift(X509_TRUST, (st))
 #define sk_X509_TRUST_pop(st) SKM_sk_pop(X509_TRUST, (st))
 #define sk_X509_TRUST_sort(st) SKM_sk_sort(X509_TRUST, (st))
@@ -2076,7 +1973,6 @@ DECLARE_SPECIAL_STACK_OF(BLOCK, void)
 #define sk_X509_VERIFY_PARAM_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_VERIFY_PARAM, (st), (cmp))
 #define sk_X509_VERIFY_PARAM_dup(st) SKM_sk_dup(X509_VERIFY_PARAM, st)
 #define sk_X509_VERIFY_PARAM_pop_free(st, free_func) SKM_sk_pop_free(X509_VERIFY_PARAM, (st), (free_func))
-#define sk_X509_VERIFY_PARAM_free(st) SKM_sk_free(X509_VERIFY_PARAM, (st))
 #define sk_X509_VERIFY_PARAM_shift(st) SKM_sk_shift(X509_VERIFY_PARAM, (st))
 #define sk_X509_VERIFY_PARAM_pop(st) SKM_sk_pop(X509_VERIFY_PARAM, (st))
 #define sk_X509_VERIFY_PARAM_sort(st) SKM_sk_sort(X509_VERIFY_PARAM, (st))
@@ -2099,7 +1995,6 @@ DECLARE_SPECIAL_STACK_OF(BLOCK, void)
 #define sk_nid_triple_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(nid_triple, (st), (cmp))
 #define sk_nid_triple_dup(st) SKM_sk_dup(nid_triple, st)
 #define sk_nid_triple_pop_free(st, free_func) SKM_sk_pop_free(nid_triple, (st), (free_func))
-#define sk_nid_triple_free(st) SKM_sk_free(nid_triple, (st))
 #define sk_nid_triple_shift(st) SKM_sk_shift(nid_triple, (st))
 #define sk_nid_triple_pop(st) SKM_sk_pop(nid_triple, (st))
 #define sk_nid_triple_sort(st) SKM_sk_sort(nid_triple, (st))
@@ -2122,7 +2017,6 @@ DECLARE_SPECIAL_STACK_OF(BLOCK, void)
 #define sk_void_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(void, (st), (cmp))
 #define sk_void_dup(st) SKM_sk_dup(void, st)
 #define sk_void_pop_free(st, free_func) SKM_sk_pop_free(void, (st), (free_func))
-#define sk_void_free(st) SKM_sk_free(void, (st))
 #define sk_void_shift(st) SKM_sk_shift(void, (st))
 #define sk_void_pop(st) SKM_sk_pop(void, (st))
 #define sk_void_sort(st) SKM_sk_sort(void, (st))
@@ -2137,6 +2031,21 @@ DECLARE_SPECIAL_STACK_OF(BLOCK, void)
 #define sk_STRING_pop_free(st, free_func) sk_pop_free(CHECKED_PTR_OF(STACK_OF(STRING), st), CHECKED_SK_FREE_FUNC2(STRING, free_func))
 #define sk_STRING_insert(st, val, i) sk_insert(CHECKED_PTR_OF(STACK_OF(STRING), st), CHECKED_PTR_OF(char, val), i)
 #define sk_STRING_free(st) SKM_sk_free(STRING, st)
+#define sk_STRING_set(st, i, val) sk_set((_STACK *)CHECKED_PTR_OF(STACK_OF(STRING), st), i, CHECKED_PTR_OF(char, val))
+#define sk_STRING_zero(st) SKM_sk_zero(STRING, (st))
+#define sk_STRING_unshift(st, val) sk_unshift((_STACK *)CHECKED_PTR_OF(STACK_OF(STRING), st), CHECKED_PTR_OF(char, val))
+#define sk_STRING_find_ex(st, val) sk_find_ex((_STACK *)CHECKED_CONST_PTR_OF(STACK_OF(STRING), st), CHECKED_CONST_PTR_OF(char, val))
+#define sk_STRING_delete(st, i) SKM_sk_delete(STRING, (st), (i))
+#define sk_STRING_delete_ptr(st, ptr) (STRING *)sk_delete_ptr((_STACK *)CHECKED_PTR_OF(STACK_OF(STRING), st), CHECKED_PTR_OF(char, ptr))
+#define sk_STRING_set_cmp_func(st, cmp)  \
+	((int (*)(const char * const *,const char * const *)) \
+	sk_set_cmp_func((_STACK *)CHECKED_PTR_OF(STACK_OF(STRING), st), CHECKED_SK_CMP_FUNC(char, cmp)))
+#define sk_STRING_dup(st) SKM_sk_dup(STRING, st)
+#define sk_STRING_shift(st) SKM_sk_shift(STRING, (st))
+#define sk_STRING_pop(st) (char *)sk_pop((_STACK *)CHECKED_PTR_OF(STACK_OF(STRING), st))
+#define sk_STRING_sort(st) SKM_sk_sort(STRING, (st))
+#define sk_STRING_is_sorted(st) SKM_sk_is_sorted(STRING, (st))
+

 #define sk_BLOCK_new(cmp) ((STACK_OF(BLOCK) *)sk_new(CHECKED_SK_CMP_FUNC(void, cmp)))
 #define sk_BLOCK_new_null() ((STACK_OF(BLOCK) *)sk_new_null())
@@ -2147,6 +2056,21 @@ DECLARE_SPECIAL_STACK_OF(BLOCK, void)
 #define sk_BLOCK_pop_free(st, free_func) sk_pop_free(CHECKED_PTR_OF(STACK_OF(BLOCK), st), CHECKED_SK_FREE_FUNC2(BLOCK, free_func))
 #define sk_BLOCK_insert(st, val, i) sk_insert(CHECKED_PTR_OF(STACK_OF(BLOCK), st), CHECKED_PTR_OF(void, val), i)
 #define sk_BLOCK_free(st) SKM_sk_free(BLOCK, st)
+#define sk_BLOCK_set(st, i, val) sk_set((_STACK *)CHECKED_PTR_OF(STACK_OF(BLOCK), st), i, CHECKED_PTR_OF(void, val))
+#define sk_BLOCK_zero(st) SKM_sk_zero(BLOCK, (st))
+#define sk_BLOCK_unshift(st, val) sk_unshift((_STACK *)CHECKED_PTR_OF(STACK_OF(BLOCK), st), CHECKED_PTR_OF(void, val))
+#define sk_BLOCK_find_ex(st, val) sk_find_ex((_STACK *)CHECKED_CONST_PTR_OF(STACK_OF(BLOCK), st), CHECKED_CONST_PTR_OF(void, val))
+#define sk_BLOCK_delete(st, i) SKM_sk_delete(BLOCK, (st), (i))
+#define sk_BLOCK_delete_ptr(st, ptr) (BLOCK *)sk_delete_ptr((_STACK *)CHECKED_PTR_OF(STACK_OF(BLOCK), st), CHECKED_PTR_OF(void, ptr))
+#define sk_BLOCK_set_cmp_func(st, cmp)  \
+	((int (*)(const void * const *,const void * const *)) \
+	sk_set_cmp_func((_STACK *)CHECKED_PTR_OF(STACK_OF(BLOCK), st), CHECKED_SK_CMP_FUNC(void, cmp)))
+#define sk_BLOCK_dup(st) SKM_sk_dup(BLOCK, st)
+#define sk_BLOCK_shift(st) SKM_sk_shift(BLOCK, (st))
+#define sk_BLOCK_pop(st) (void *)sk_pop((_STACK *)CHECKED_PTR_OF(STACK_OF(BLOCK), st))
+#define sk_BLOCK_sort(st) SKM_sk_sort(BLOCK, (st))
+#define sk_BLOCK_is_sorted(st) SKM_sk_is_sorted(BLOCK, (st))
+

 #define sk_PSTRING_new(cmp) ((STACK_OF(PSTRING) *)sk_new(CHECKED_SK_CMP_FUNC(STRING, cmp)))
 #define sk_PSTRING_new_null() ((STACK_OF(PSTRING) *)sk_new_null())
@@ -2157,6 +2081,21 @@ DECLARE_SPECIAL_STACK_OF(BLOCK, void)
 #define sk_PSTRING_pop_free(st, free_func) sk_pop_free(CHECKED_PTR_OF(STACK_OF(PSTRING), st), CHECKED_SK_FREE_FUNC2(PSTRING, free_func))
 #define sk_PSTRING_insert(st, val, i) sk_insert(CHECKED_PTR_OF(STACK_OF(PSTRING), st), CHECKED_PTR_OF(STRING, val), i)
 #define sk_PSTRING_free(st) SKM_sk_free(PSTRING, st)
+#define sk_PSTRING_set(st, i, val) sk_set((_STACK *)CHECKED_PTR_OF(STACK_OF(PSTRING), st), i, CHECKED_PTR_OF(STRING, val))
+#define sk_PSTRING_zero(st) SKM_sk_zero(PSTRING, (st))
+#define sk_PSTRING_unshift(st, val) sk_unshift((_STACK *)CHECKED_PTR_OF(STACK_OF(PSTRING), st), CHECKED_PTR_OF(STRING, val))
+#define sk_PSTRING_find_ex(st, val) sk_find_ex((_STACK *)CHECKED_CONST_PTR_OF(STACK_OF(PSTRING), st), CHECKED_CONST_PTR_OF(STRING, val))
+#define sk_PSTRING_delete(st, i) SKM_sk_delete(PSTRING, (st), (i))
+#define sk_PSTRING_delete_ptr(st, ptr) (PSTRING *)sk_delete_ptr((_STACK *)CHECKED_PTR_OF(STACK_OF(PSTRING), st), CHECKED_PTR_OF(STRING, ptr))
+#define sk_PSTRING_set_cmp_func(st, cmp)  \
+	((int (*)(const STRING * const *,const STRING * const *)) \
+	sk_set_cmp_func((_STACK *)CHECKED_PTR_OF(STACK_OF(PSTRING), st), CHECKED_SK_CMP_FUNC(STRING, cmp)))
+#define sk_PSTRING_dup(st) SKM_sk_dup(PSTRING, st)
+#define sk_PSTRING_shift(st) SKM_sk_shift(PSTRING, (st))
+#define sk_PSTRING_pop(st) (STRING *)sk_pop((_STACK *)CHECKED_PTR_OF(STACK_OF(PSTRING), st))
+#define sk_PSTRING_sort(st) SKM_sk_sort(PSTRING, (st))
+#define sk_PSTRING_is_sorted(st) SKM_sk_is_sorted(PSTRING, (st))
+

 #define d2i_ASN1_SET_OF_ACCESS_DESCRIPTION(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
 	SKM_ASN1_SET_OF_d2i(ACCESS_DESCRIPTION, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
--- a/crypto/symhacks.h
+++ b/crypto/symhacks.h
@@ -382,7 +382,7 @@
 #endif /* defined OPENSSL_SYS_VMS */


-/* Case insensiteve linking causes problems.... */
+/* Case insensitive linking causes problems.... */
 #if defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2)
 #undef ERR_load_CRYPTO_strings
 #define ERR_load_CRYPTO_strings			ERR_load_CRYPTOlib_strings
--- a/crypto/x509/x509.h
+++ b/crypto/x509/x509.h
@@ -116,6 +116,7 @@ extern "C" {
 /* Under Win32 these are defined in wincrypt.h */
 #undef X509_NAME
 #undef X509_CERT_PAIR
+#undef X509_EXTENSIONS
 #endif

 #define X509_FILETYPE_PEM	1
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -1124,7 +1124,7 @@ static int check_crl_path(X509_STORE_CTX *ctx, X509 *x)
 	/* Verify CRL issuer */
 	ret = X509_verify_cert(&crl_ctx);

-	if (!ret)
+	if (ret <= 0)
 		goto err;

 	/* Check chain is acceptable */
--- a/crypto/x509v3/pcy_tree.c
+++ b/crypto/x509v3/pcy_tree.c
@@ -231,7 +231,7 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs,
 	tree->auth_policies = NULL;
 	tree->user_policies = NULL;

-	if (!tree)
+	if (!tree->levels)
 		{
 		OPENSSL_free(tree);
 		return 0;
--- a/crypto/x509v3/v3_alt.c
+++ b/crypto/x509v3/v3_alt.c
@@ -366,6 +366,7 @@ static int copy_email(X509V3_CTX *ctx, GENERAL_NAMES *gens, int move_p)
                if (move_p)
                        {
                        X509_NAME_delete_entry(nm, i);
+			X509_NAME_ENTRY_free(ne);
                        i--;
                        }
 		if(!email || !(gen = GENERAL_NAME_new())) {
@@ -605,6 +606,7 @@ static int do_dirname(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx)
 	if (!ret)
 		X509_NAME_free(nm);
 	gen->d.dirn = nm;
+	X509V3_section_free(ctx, sk);
 		
 	return ret;
 	}
--- a/crypto/x509v3/v3_cpols.c
+++ b/crypto/x509v3/v3_cpols.c
@@ -453,4 +453,5 @@ void X509_POLICY_NODE_print(BIO *out, X509_POLICY_NODE *node, int indent)


 IMPLEMENT_STACK_OF(X509_POLICY_NODE)
+IMPLEMENT_STACK_OF(X509_POLICY_DATA)

--- a/crypto/x509v3/v3_crld.c
+++ b/crypto/x509v3/v3_crld.c
@@ -152,7 +152,7 @@ static int set_dist_point_name(DIST_POINT_NAME **pdp, X509V3_CTX *ctx,
 				sk_X509_NAME_ENTRY_num(rnm) - 1)->set)
 			{
 			X509V3err(X509V3_F_SET_DIST_POINT_NAME,
-						X509V3_R_INVAID_MULTIPLE_RDNS);
+						X509V3_R_INVALID_MULTIPLE_RDNS);
 			goto err;
 			}
 		}
--- a/crypto/x509v3/v3_pci.c
+++ b/crypto/x509v3/v3_pci.c
@@ -82,7 +82,7 @@ static int process_pci_value(CONF_VALUE *val,
 		{
 		if (*language)
 			{
-			X509V3err(X509V3_F_PROCESS_PCI_VALUE,X509V3_R_POLICY_LANGUAGE_ALREADTY_DEFINED);
+			X509V3err(X509V3_F_PROCESS_PCI_VALUE,X509V3_R_POLICY_LANGUAGE_ALREADY_DEFINED);
 			X509V3_conf_err(val);
 			return 0;
 			}
@@ -97,7 +97,7 @@ static int process_pci_value(CONF_VALUE *val,
 		{
 		if (*pathlen)
 			{
-			X509V3err(X509V3_F_PROCESS_PCI_VALUE,X509V3_R_POLICY_PATH_LENGTH_ALREADTY_DEFINED);
+			X509V3err(X509V3_F_PROCESS_PCI_VALUE,X509V3_R_POLICY_PATH_LENGTH_ALREADY_DEFINED);
 			X509V3_conf_err(val);
 			return 0;
 			}
--- a/crypto/x509v3/v3err.c
+++ b/crypto/x509v3/v3err.c
@@ -159,7 +159,7 @@ static ERR_STRING_DATA X509V3_str_reasons[]=
 {ERR_REASON(X509V3_R_ILLEGAL_EMPTY_EXTENSION),"illegal empty extension"},
 {ERR_REASON(X509V3_R_ILLEGAL_HEX_DIGIT)  ,"illegal hex digit"},
 {ERR_REASON(X509V3_R_INCORRECT_POLICY_SYNTAX_TAG),"incorrect policy syntax tag"},
-{ERR_REASON(X509V3_R_INVAID_MULTIPLE_RDNS),"invaid multiple rdns"},
+{ERR_REASON(X509V3_R_INVALID_MULTIPLE_RDNS),"invalid multiple rdns"},
 {ERR_REASON(X509V3_R_INVALID_ASNUMBER)   ,"invalid asnumber"},
 {ERR_REASON(X509V3_R_INVALID_ASRANGE)    ,"invalid asrange"},
 {ERR_REASON(X509V3_R_INVALID_BOOLEAN_STRING),"invalid boolean string"},
@@ -193,9 +193,9 @@ static ERR_STRING_DATA X509V3_str_reasons[]=
 {ERR_REASON(X509V3_R_ODD_NUMBER_OF_DIGITS),"odd number of digits"},
 {ERR_REASON(X509V3_R_OPERATION_NOT_DEFINED),"operation not defined"},
 {ERR_REASON(X509V3_R_OTHERNAME_ERROR)    ,"othername error"},
-{ERR_REASON(X509V3_R_POLICY_LANGUAGE_ALREADTY_DEFINED),"policy language alreadty defined"},
+{ERR_REASON(X509V3_R_POLICY_LANGUAGE_ALREADY_DEFINED),"policy language already defined"},
 {ERR_REASON(X509V3_R_POLICY_PATH_LENGTH) ,"policy path length"},
-{ERR_REASON(X509V3_R_POLICY_PATH_LENGTH_ALREADTY_DEFINED),"policy path length alreadty defined"},
+{ERR_REASON(X509V3_R_POLICY_PATH_LENGTH_ALREADY_DEFINED),"policy path length already defined"},
 {ERR_REASON(X509V3_R_POLICY_SYNTAX_NOT_CURRENTLY_SUPPORTED),"policy syntax not currently supported"},
 {ERR_REASON(X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY),"policy when proxy language requires no policy"},
 {ERR_REASON(X509V3_R_SECTION_NOT_FOUND)  ,"section not found"},
--- a/crypto/x509v3/x509v3.h
+++ b/crypto/x509v3/x509v3.h
@@ -951,7 +951,7 @@ void ERR_load_X509V3_strings(void);
 #define X509V3_R_ILLEGAL_EMPTY_EXTENSION		 151
 #define X509V3_R_ILLEGAL_HEX_DIGIT			 113
 #define X509V3_R_INCORRECT_POLICY_SYNTAX_TAG		 152
-#define X509V3_R_INVAID_MULTIPLE_RDNS			 161
+#define X509V3_R_INVALID_MULTIPLE_RDNS			 161
 #define X509V3_R_INVALID_ASNUMBER			 162
 #define X509V3_R_INVALID_ASRANGE			 163
 #define X509V3_R_INVALID_BOOLEAN_STRING			 104
@@ -985,9 +985,9 @@ void ERR_load_X509V3_strings(void);
 #define X509V3_R_ODD_NUMBER_OF_DIGITS			 112
 #define X509V3_R_OPERATION_NOT_DEFINED			 148
 #define X509V3_R_OTHERNAME_ERROR			 147
-#define X509V3_R_POLICY_LANGUAGE_ALREADTY_DEFINED	 155
+#define X509V3_R_POLICY_LANGUAGE_ALREADY_DEFINED	 155
 #define X509V3_R_POLICY_PATH_LENGTH			 156
-#define X509V3_R_POLICY_PATH_LENGTH_ALREADTY_DEFINED	 157
+#define X509V3_R_POLICY_PATH_LENGTH_ALREADY_DEFINED	 157
 #define X509V3_R_POLICY_SYNTAX_NOT_CURRENTLY_SUPPORTED	 158
 #define X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY 159
 #define X509V3_R_SECTION_NOT_FOUND			 150
--- a/demos/pkcs12/pkread.c
+++ b/demos/pkcs12/pkread.c
@@ -51,7 +51,7 @@ int main(int argc, char **argv)
 		fprintf(fp, "***User Certificate***\n");
 		PEM_write_X509_AUX(fp, cert);
 	}
-	if (ca && sk_num(ca)) {
+	if (ca && sk_X509_num(ca)) {
 		fprintf(fp, "***Other Certificates***\n");
 		for (i = 0; i < sk_X509_num(ca); i++) 
 		    PEM_write_X509_AUX(fp, sk_X509_value(ca, i));
--- a/doc/apps/ca.pod
+++ b/doc/apps/ca.pod
@@ -217,7 +217,7 @@ used).

 =item B<-engine id>

-specifying an engine (by it's unique B<id> string) will cause B<req>
+specifying an engine (by its unique B<id> string) will cause B<ca>
 to attempt to obtain a functional reference to the specified engine,
 thus initialising it if needed. The engine will then be set as the default
 for all available algorithms.
--- a/doc/apps/ciphers.pod
+++ b/doc/apps/ciphers.pod
@@ -251,6 +251,33 @@ cipher suites using MD5.

 cipher suites using SHA1.

+=item B<aGOST> 
+
+cipher suites using GOST R 34.10 (either 2001 or 94) for authenticaction
+(needs an engine supporting GOST algorithms). 
+
+=item B<aGOST01>
+
+cipher suites using GOST R 34.10-2001 authentication.
+
+=item B<aGOST94>
+
+cipher suites using GOST R 34.10-94 authentication (note that R 34.10-94
+standard has been expired so use GOST R 34.10-2001)
+
+=item B<kGOST>
+
+cipher suites, using VKO 34.10 key exchange, specified in the RFC 4357.
+
+=item B<GOST94>
+
+cipher suites, using HMAC based on GOST R 34.11-94.
+
+=item B<GOST89MAC>
+
+cipher suites using GOST 28147-89 MAC B<instead of> HMAC.
+
+
 =back

 =head1 CIPHER SUITE NAMES
@@ -376,6 +403,16 @@ e.g. DES-CBC3-SHA. In these cases, RSA authentication is used.

 TLS_DH_anon_WITH_SEED_CBC_SHA          ADH-SEED-SHA

+=head2 GOST ciphersuites from draft-chudov-cryptopro-cptls, extending TLS v1.0
+
+Note: these ciphers require an engine which including GOST cryptographic
+algorithms, such as the B<ccgost> engine, included in the OpenSSL distribution.
+
+ TLS_GOSTR341094_WITH_28147_CNT_IMIT GOST94-GOST89-GOST89
+ TLS_GOSTR341001_WITH_28147_CNT_IMIT GOST2001-GOST89-GOST89
+ TLS_GOSTR341094_WITH_NULL_GOSTR3411 GOST94-NULL-GOST94
+ TLS_GOSTR341001_WITH_NULL_GOSTR3411 GOST2001-NULL-GOST94
+
 =head2 Additional Export 1024 and other cipher suites

 Note: these ciphers can also be used in SSL v3.
--- a/doc/apps/cms.pod
+++ b/doc/apps/cms.pod
@@ -36,17 +36,7 @@ B<openssl> B<cms>
 [B<-CAfile file>]
 [B<-CApath dir>]
 [B<-md digest>]
-[B<-des>]
-[B<-des3>]
-[B<-rc2-40>]
-[B<-rc2-64>]
-[B<-rc2-128>]
-[B<-aes128>]
-[B<-aes192>]
-[B<-aes256>]
-[B<-camellia128>]
-[B<-camellia192>]
-[B<-camellia256>]
+[B<-[cipher]>]
 [B<-nointern>]
 [B<-no_signer_cert_verify>]
 [B<-nocerts>]
@@ -253,13 +243,13 @@ to each certificate.
 digest algorithm to use when signing or resigning. If not present then the
 default digest algorithm for the signing key will be used (usually SHA1).

-=item B<-des -des3 -rc2-40 -rc2-64 -rc2-128 -aes128 -aes192 -aes256 -camellia128 -camellia192 -camellia256>
+=item B<-[cipher]>

-the encryption algorithm to use. DES (56 bits), triple DES (168 bits), 40, 64
-or 128 bit RC2, 128, 192 or 256 bit AES, or 128, 192 or 256 bit Camellia
-respectively. Any other cipher name (as recognized by the
+the encryption algorithm to use. For example triple DES (168 bits) - B<-des3>
+or 256 bit AES - B<-aes256>. Any standard algorithm name (as used by the
 EVP_get_cipherbyname() function) can also be used preceded by a dash, for 
-example B<-aes_128_cbc>.
+example B<-aes_128_cbc>. See L<B<enc>|enc(1)> for a list of ciphers
+supported by your version of OpenSSL.

 If not specified triple DES is used. Only used with B<-encrypt> and 
 B<-EncryptedData_create> commands.
@@ -411,6 +401,11 @@ portion of a message so they may be included manually. If signing
 then many S/MIME mail clients check the signers certificate's email
 address matches that specified in the From: address.

+=item B<-purpose, -ignore_critical, -issuer_checks, -crl_check, -crl_check_all, -policy_check, -extended_crl, -x509_strict, -policy>
+
+Set various certificate chain valiadition option. See the
+L<B<verify>|verify(1)> manual page for details.
+
 =back

 =head1 NOTES
--- a/doc/apps/dgst.pod
+++ b/doc/apps/dgst.pod
@@ -14,6 +14,7 @@ B<openssl> B<dgst>
 [B<-binary>]
 [B<-out filename>]
 [B<-sign filename>]
+[B<-keyform arg>]
 [B<-passin arg>]
 [B<-verify filename>]
 [B<-prverify filename>]
@@ -61,6 +62,23 @@ filename to output to, or standard output by default.

 digitally sign the digest using the private key in "filename".

+=item B<-keyform arg>
+
+Specifies the key format to sign digest with. Only PEM and ENGINE
+formats are supported by the B<dgst> command.
+
+=item B<-engine id>
+
+Use engine B<id> for operations (including private key storage).
+This engine is not used as source for digest algorithms, unless it is
+also specified in the configuration file.
+
+=item B<-sigopt nm:v>
+
+Pass options to the signature algorithm during sign or verify operations.
+Names and values of these options are algorithm-specific.
+
+
 =item B<-passin arg>

 the private key password source. For more information about the format of B<arg>
@@ -83,6 +101,35 @@ the actual signature to verify.

 create a hashed MAC using "key".

+=item B<-mac alg>
+
+create MAC (keyed Message Authentication Code). The most popular MAC
+algorithm is HMAC (hash-based MAC), but there are other MAC algorithms
+which are not based on hash, for instance B<gost-mac> algorithm,
+supported by B<ccgost> engine. MAC keys and other options should be set
+via B<-macopt> parameter.
+
+=item B<-macopt nm:v>
+
+Passes options to MAC algorithm, specified by B<-mac> key.
+Following options are supported by both by B<HMAC> and B<gost-mac>:
+
+=over 8
+
+=item B<key:string>
+	
+Specifies MAC key as alphnumeric string (use if key contain printable
+characters only). String length must conform to any restrictions of
+the MAC algorithm for example exactly 32 chars for gost-mac.
+
+=item B<hexkey:string>
+
+Specifies MAC key in hexadecimal form (two hex digits per byte).
+Key length must conform to any restrictions of the MAC algorithm
+for example exactly 32 chars for gost-mac.
+
+=back
+
 =item B<-rand file(s)>

 a file or files containing random data used to seed the random number
--- a/doc/apps/dhparam.pod
+++ b/doc/apps/dhparam.pod
@@ -99,7 +99,7 @@ be loaded by calling the B<get_dh>I<numbits>B<()> function.

 =item B<-engine id>

-specifying an engine (by it's unique B<id> string) will cause B<req>
+specifying an engine (by its unique B<id> string) will cause B<dhparam>
 to attempt to obtain a functional reference to the specified engine,
 thus initialising it if needed. The engine will then be set as the default
 for all available algorithms.
--- a/doc/apps/dsa.pod
+++ b/doc/apps/dsa.pod
@@ -109,7 +109,7 @@ a public key.

 =item B<-engine id>

-specifying an engine (by it's unique B<id> string) will cause B<req>
+specifying an engine (by its unique B<id> string) will cause B<dsa>
 to attempt to obtain a functional reference to the specified engine,
 thus initialising it if needed. The engine will then be set as the default
 for all available algorithms.
--- a/doc/apps/dsaparam.pod
+++ b/doc/apps/dsaparam.pod
@@ -85,7 +85,7 @@ the input file (if any) is ignored.

 =item B<-engine id>

-specifying an engine (by it's unique B<id> string) will cause B<req>
+specifying an engine (by its unique B<id> string) will cause B<dsaparam>
 to attempt to obtain a functional reference to the specified engine,
 thus initialising it if needed. The engine will then be set as the default
 for all available algorithms.
--- a/doc/apps/ec.pod
+++ b/doc/apps/ec.pod
@@ -130,7 +130,7 @@ is currently not implemented in OpenSSL.

 =item B<-engine id>

-specifying an engine (by it's unique B<id> string) will cause B<req>
+specifying an engine (by its unique B<id> string) will cause B<ec>
 to attempt to obtain a functional reference to the specified engine,
 thus initialising it if needed. The engine will then be set as the default
 for all available algorithms.
--- a/doc/apps/ecparam.pod
+++ b/doc/apps/ecparam.pod
@@ -121,7 +121,7 @@ all others.

 =item B<-engine id>

-specifying an engine (by it's unique B<id> string) will cause B<req>
+specifying an engine (by its unique B<id> string) will cause B<ecparam>
 to attempt to obtain a functional reference to the specified engine,
 thus initialising it if needed. The engine will then be set as the default
 for all available algorithms.
--- a/doc/apps/enc.pod
+++ b/doc/apps/enc.pod
@@ -12,17 +12,24 @@ B<openssl enc -ciphername>
 [B<-pass arg>]
 [B<-e>]
 [B<-d>]
-[B<-a>]
+[B<-a/-base64>]
 [B<-A>]
 [B<-k password>]
 [B<-kfile filename>]
 [B<-K key>]
 [B<-iv IV>]
+[B<-S salt>]
+[B<-salt>]
+[B<-nosalt>]
+[B<-z>]
+[B<-md>]
 [B<-p>]
 [B<-P>]
 [B<-bufsize number>]
 [B<-nopad>]
 [B<-debug>]
+[B<-none>]
+[B<-engine id>]

 =head1 DESCRIPTION

@@ -74,6 +81,10 @@ base64 process the data. This means that if encryption is taking place
 the data is base64 encoded after encryption. If decryption is set then
 the input data is base64 decoded before being decrypted.

+=item B<-base64>
+
+same as B<-a>
+
 =item B<-A>

 if the B<-a> option is set then base64 process the data on one line.
@@ -89,10 +100,18 @@ read the password to derive the key from the first line of B<filename>.
 This is for compatibility with previous versions of OpenSSL. Superseded by
 the B<-pass> argument.

+=item B<-nosalt>
+
+do not use a salt 
+
+=item B<-salt>
+
+use salt (randomly generated or provide with B<-S> option) when
+encrypting (this is the default).
+
 =item B<-S salt>

-the actual salt to use: this must be represented as a string comprised only
-of hex digits.
+the actual salt to use: this must be represented as a string of hex digits.

 =item B<-K key>

@@ -131,12 +150,34 @@ disable standard block padding

 debug the BIOs used for I/O.

+=item B<-z>
+
+Compress or decompress clear text using zlib before encryption or after
+decryption. This option exists only if OpenSSL with compiled with zlib
+or zlib-dynamic option.
+
+=item B<-none>
+
+Use NULL cipher (no encryption or decryption of input).
+
 =back

 =head1 NOTES

 The program can be called either as B<openssl ciphername> or
-B<openssl enc -ciphername>.
+B<openssl enc -ciphername>. But the first form doesn't work with
+engine-provided ciphers, because this form is processed before the
+configuration file is read and any ENGINEs loaded.
+
+Engines which provide entirely new encryption algorithms (such as ccgost
+engine which provides gost89 algorithm) should be configured in the
+configuration file. Engines, specified in the command line using -engine
+options can only be used for hadrware-assisted implementations of
+ciphers, which are supported by OpenSSL core or other engine, specified
+in the configuration file.
+
+When enc command lists supported ciphers, ciphers provided by engines,
+specified in the configuration files are listed too.

 A password will be prompted for to derive the key and IV if necessary.

@@ -169,6 +210,14 @@ Blowfish and RC5 algorithms use a 128 bit key.

 =head1 SUPPORTED CIPHERS

+Note that some of these ciphers can be disabled at compile time
+and some are available only if an appropriate engine is configured
+in the configuration file. The output of the B<enc> command run with
+unsupported options (for example B<openssl enc -help>) includes a
+list of ciphers, supported by your versesion of OpenSSL, including
+ones provided by configured engines.
+
+
 base64             Base 64

 bf-cbc             Blowfish in CBC mode
@@ -203,6 +252,9 @@ Blowfish and RC5 algorithms use a 128 bit key.

 desx               DESX algorithm.

+ gost89             GOST 28147-89 in CFB mode (provided by ccgost engine)
+ gost89-cnt        `GOST 28147-89 in CNT mode (provided by ccgost engine) 
+
 idea-cbc           IDEA algorithm in CBC mode
 idea               same as idea-cbc
 idea-cfb           IDEA in CFB mode
--- a/doc/apps/gendsa.pod
+++ b/doc/apps/gendsa.pod
@@ -40,7 +40,7 @@ all others.

 =item B<-engine id>

-specifying an engine (by it's unique B<id> string) will cause B<req>
+specifying an engine (by its unique B<id> string) will cause B<gendsa>
 to attempt to obtain a functional reference to the specified engine,
 thus initialising it if needed. The engine will then be set as the default
 for all available algorithms.
--- a/doc/apps/genpkey.pod
+++ b/doc/apps/genpkey.pod
@@ -47,7 +47,7 @@ name accepted by EVP_get_cipherbyname() is acceptable such as B<des3>.

 =item B<-engine id>

-specifying an engine (by it's unique B<id> string) will cause B<req>
+specifying an engine (by its unique B<id> string) will cause B<genpkey>
 to attempt to obtain a functional reference to the specified engine,
 thus initialising it if needed. The engine will then be set as the default
 for all available algorithms. If used this option should precede all other
@@ -138,6 +138,37 @@ the EC curve to use.

 =back

+=head1 GOST2001 KEY GENERATION AND PARAMETER OPTIONS
+
+Gost 2001 support is not enabled by default. To enable this algorithm,
+one should load the ccgost engine in the OpenSSL configuration file.
+See README.gost file in the engines/ccgost directiry of the source
+distribution for more details.
+
+Use of a parameter file for the GOST R 34.10 algorithm is optional.
+Parameters can be specified during key generation directly as well as
+during generation of parameter file.
+
+=over 4
+
+=item B<paramset:name>
+
+Specifies GOST R 34.10-2001 parameter set according to RFC 4357.
+Parameter set can be specified using abbreviated name, object short name or
+numeric OID. Following parameter sets are supported:
+
+  paramset   OID               Usage
+  A          1.2.643.2.2.35.1  Signature
+  B          1.2.643.2.2.35.2  Signature
+  C          1.2.643.2.2.35.3  Signature
+  XA         1.2.643.2.2.36.0  Key exchange
+  XB         1.2.643.2.2.36.1  Key exchange
+  test       1.2.643.2.2.35.0  Test purposes
+
+=back
+
+
+
 =head1 NOTES

 The use of the genpkey program is encouraged over the algorithm specific
@@ -148,15 +179,15 @@ can be used.

 Generate an RSA private key using default parameters:

- openssl genpkey -algoritm RSA -out key.pem 
+ openssl genpkey -algorithm RSA -out key.pem 

 Encrypt output private key using 128 bit AES and the passphrase "hello":

- openssl genpkey -algoritm RSA -out key.pem -aes-128-cbc -pass pass:hello
+ openssl genpkey -algorithm RSA -out key.pem -aes-128-cbc -pass pass:hello

 Generate a 2048 bit RSA key using 3 as the public exponent:

- openssl genpkey -algoritm RSA -out key.pem -pkeyopt rsa_keygen_bits:2048 \
+ openssl genpkey -algorithm RSA -out key.pem -pkeyopt rsa_keygen_bits:2048 \
 						-pkeyopt rsa_keygen_pubexp:3

 Generate 1024 bit DSA parameters:
--- a/doc/apps/genrsa.pod
+++ b/doc/apps/genrsa.pod
@@ -57,7 +57,7 @@ all others.

 =item B<-engine id>

-specifying an engine (by it's unique B<id> string) will cause B<req>
+specifying an engine (by its unique B<id> string) will cause B<genrsa>
 to attempt to obtain a functional reference to the specified engine,
 thus initialising it if needed. The engine will then be set as the default
 for all available algorithms.
--- a/doc/apps/openssl.pod
+++ b/doc/apps/openssl.pod
@@ -81,6 +81,10 @@ Certificate Authority (CA) Management.

 Cipher Suite Description Determination.

+=item L<B<cms>|cms(1)>
+
+CMS (Cryptographic Message Syntax) utility
+
 =item L<B<crl>|crl(1)>

 Certificate Revocation List (CRL) Management.
@@ -98,6 +102,12 @@ Message Digest Calculation.
 Diffie-Hellman Parameter Management.
 Obsoleted by L<B<dhparam>|dhparam(1)>.

+=item L<B<dhparam>|dhparam(1)>
+
+Generation and Management of Diffie-Hellman Parameters. Superseded by 
+L<B<genpkey>|genpkey(1)> and L<B<pkeyparam>|pkeyparam(1)>
+
+
 =item L<B<dsa>|dsa(1)>

 DSA Data Management.
@@ -107,19 +117,26 @@ DSA Data Management.
 DSA Parameter Generation and Management. Superseded by 
 L<B<genpkey>|genpkey(1)> and L<B<pkeyparam>|pkeyparam(1)>

+=item L<B<ec>|ec(1)>
+
+EC (Elliptic curve) key processing
+
+=item L<B<ecparam>|ecparam(1)>
+
+EC parameter manipulation and generation
+
 =item L<B<enc>|enc(1)>

 Encoding with Ciphers.

+=item L<B<engine>|engine(1)>
+
+Engine (loadble module) information and manipulation.
+
 =item L<B<errstr>|errstr(1)>

 Error Number to Error String Conversion.

-=item L<B<dhparam>|dhparam(1)>
-
-Generation and Management of Diffie-Hellman Parameters. Superseded by 
-L<B<genpkey>|genpkey(1)> and L<B<pkeyparam>|pkeyparam(1)>
-
 =item B<gendh>

 Generation of Diffie-Hellman Parameters.
@@ -138,6 +155,10 @@ Generation of Private Key or Parameters.

 Generation of RSA Private Key. Superceded by L<B<genpkey>|genpkey(1)>.

+=item L<B<nseq>|nseq(1)
+
+Create or examine a netscape certificate sequence
+
 =item L<B<ocsp>|ocsp(1)>

 Online Certificate Status Protocol utility.
@@ -158,14 +179,14 @@ PKCS#7 Data Management.

 Public and private key management.

-=item L<B<pkeyutl>|pkeyutl(1)>
-
-Public key algorithm cryptographic operation utility.
-
 =item L<B<pkeyparam>|pkeyparam(1)>

 Public key algorithm parameter management.

+=item L<B<pkeyutl>|pkeyutl(1)>
+
+Public key algorithm cryptographic operation utility.
+
 =item L<B<rand>|rand(1)>

 Generate pseudo-random bytes.
@@ -178,6 +199,7 @@ PKCS#10 X.509 Certificate Signing Request (CSR) Management.

 RSA key management.

+
 =item L<B<rsautl>|rsautl(1)>

 RSA utility for signing, verification, encryption, and decryption. Superseded
@@ -215,6 +237,10 @@ S/MIME mail processing.

 Algorithm Speed Measurement.

+=item L<B<spkac>|spkac(1)>
+
+SPKAC printing and generating utility
+
 =item L<B<ts>|ts(1)>

 Time Stamping Authority tool (client/server)
--- a/doc/apps/pkcs7.pod
+++ b/doc/apps/pkcs7.pod
@@ -62,7 +62,7 @@ is B<-print_certs> is set).

 =item B<-engine id>

-specifying an engine (by it's unique B<id> string) will cause B<req>
+specifying an engine (by its unique B<id> string) will cause B<pkcs7>
 to attempt to obtain a functional reference to the specified engine,
 thus initialising it if needed. The engine will then be set as the default
 for all available algorithms.
--- a/doc/apps/pkcs8.pod
+++ b/doc/apps/pkcs8.pod
@@ -125,7 +125,7 @@ list of possible algorithms is included below.

 =item B<-engine id>

-specifying an engine (by it's unique B<id> string) will cause B<req>
+specifying an engine (by its unique B<id> string) will cause B<pkcs8>
 to attempt to obtain a functional reference to the specified engine,
 thus initialising it if needed. The engine will then be set as the default
 for all available algorithms.
--- a/doc/apps/pkey.pod
+++ b/doc/apps/pkey.pod
@@ -94,7 +94,7 @@ the input is a public key.

 =item B<-engine id>

-specifying an engine (by it's unique B<id> string) will cause B<req>
+specifying an engine (by its unique B<id> string) will cause B<pkey>
 to attempt to obtain a functional reference to the specified engine,
 thus initialising it if needed. The engine will then be set as the default
 for all available algorithms.
--- a/doc/apps/pkeyparam.pod
+++ b/doc/apps/pkeyparam.pod
@@ -43,7 +43,7 @@ do not output the encoded version of the parameters.

 =item B<-engine id>

-specifying an engine (by it's unique B<id> string) will cause B<req>
+specifying an engine (by its unique B<id> string) will cause B<pkeyparam>
 to attempt to obtain a functional reference to the specified engine,
 thus initialising it if needed. The engine will then be set as the default
 for all available algorithms.
--- a/doc/apps/pkeyutl.pod
+++ b/doc/apps/pkeyutl.pod
@@ -12,6 +12,7 @@ B<openssl> B<pkeyutl>
 [B<-sigfile file>]
 [B<-inkey file>]
 [B<-keyform PEM|DER>]
+[B<-passin arg>]
 [B<-peerkey file>]
 [B<-peerform PEM|DER>]
 [B<-pubin>]
@@ -26,6 +27,7 @@ B<openssl> B<pkeyutl>
 [B<-pkeyopt opt:value>]
 [B<-hexdump>]
 [B<-asn1parse>]
+[B<-engine id>]

 =head1 DESCRIPTION

@@ -52,7 +54,13 @@ the input key file, by default it should be a private key.

 =item B<-keyform PEM|DER>

-the key format PEM or DER.
+the key format PEM, DER or ENGINE.
+
+=item B<-passin arg>
+
+the input key password source. For more information about the format of B<arg>
+see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>.
+

 =item B<-peerkey file>

@@ -60,7 +68,15 @@ the peer key file, used by key derivation (agreement) operations.

 =item B<-peerform PEM|DER>

-the peer key format PEM or DER.
+the peer key format PEM, DER or ENGINE.
+
+=item B<-engine id>
+
+specifying an engine (by its unique B<id> string) will cause B<pkeyutl>
+to attempt to obtain a functional reference to the specified engine,
+thus initialising it if needed. The engine will then be set as the default
+for all available algorithms.
+

 =item B<-pubin>

--- a/doc/apps/req.pod
+++ b/doc/apps/req.pod
@@ -22,13 +22,13 @@ B<openssl> B<req>
 [B<-new>]
 [B<-rand file(s)>]
 [B<-newkey rsa:bits>]
-[B<-newkey dsa:file>]
 [B<-newkey alg:file>]
 [B<-nodes>]
 [B<-key filename>]
 [B<-keyform PEM|DER>]
 [B<-keyout filename>]
-[B<-[md5|sha1|md2|mdc2]>]
+[B<-keygen_engine id>]
+[B<-[digest]>]
 [B<-config filename>]
 [B<-subj arg>]
 [B<-multivalue-rdn>]
@@ -36,11 +36,15 @@ B<openssl> B<req>
 [B<-days n>]
 [B<-set_serial n>]
 [B<-asn1-kludge>]
+[B<-no-asn1-kludge>]
 [B<-newhdr>]
 [B<-extensions section>]
 [B<-reqexts section>]
 [B<-utf8>]
 [B<-nameopt>]
+[B<-reqopt>]
+[B<-subject>]
+[B<-subj arg>]
 [B<-batch>]
 [B<-verbose>]
 [B<-engine id>]
@@ -92,6 +96,11 @@ see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>.

 prints out the certificate request in text form.

+=item B<-subject>
+
+prints out the request subject (or certificate subject if B<-x509> is
+specified)
+
 =item B<-pubkey>

 outputs the public key.
@@ -119,6 +128,13 @@ in the configuration file and any requested extensions.
 If the B<-key> option is not used it will generate a new RSA private
 key using information specified in the configuration file.

+=item B<-subj arg>
+
+Replaces subject field of input request with specified data and outputs
+modified request. The arg must be formatted as
+I</type0=value0/type1=value1/type2=...>,
+characters may be escaped by \ (backslash), no spaces are skipped.
+
 =item B<-rand file(s)>

 a file or files containing random data used to seed the random number
@@ -132,12 +148,26 @@ all others.
 this option creates a new certificate request and a new private
 key. The argument takes one of several forms. B<rsa:nbits>, where
 B<nbits> is the number of bits, generates an RSA key B<nbits>
-in size. B<dsa:filename> generates a DSA key using the parameters
-in the file B<filename>. B<param:file> generates a key using the
-parameter file B<file>, the algorithm is determined by the
-parameters. B<algname:file> use algorithm B<algname> and parameter file
-B<file> the two algorithms must match or an error occurs. B<algname> just
-uses algorithm B<algname>.
+in size. If B<nbits> is omitted, i.e. B<-newkey rsa> specified,
+the default key size, specified in the configuration file is used.
+
+All other algorithms support the B<-newkey alg:file> form, where file may be
+an algorithm parameter file, created by the B<genpkey -genparam> command
+or and X.509 certificate for a key with approriate algorithm.
+
+B<param:file> generates a key using the parameter file or certificate B<file>,
+the algorithm is determined by the parameters. B<algname:file> use algorithm
+B<algname> and parameter file B<file>: the two algorithms must match or an
+error occurs. B<algname> just uses algorithm B<algname>, and parameters,
+if neccessary should be specified via B<-pkeyopt> parameter.
+
+B<dsa:filename> generates a DSA key using the parameters
+in the file B<filename>. B<ec:filename> generates EC key (usable both with
+ECDSA or ECDH algorithms), B<gost2001:filename> generates GOST R
+34.10-2001 key (requires B<ccgost> engine configured in the configuration
+file). If just B<gost2001> is specified a parameter set should be
+specified by B<-pkeyopt paramset:X>
+

 =item B<-pkeyopt opt:value>

@@ -167,11 +197,15 @@ configuration file is used.
 if this option is specified then if a private key is created it
 will not be encrypted.

-=item B<-[md5|sha1|md2|mdc2]>
+=item B<-[digest]>

-this specifies the message digest to sign the request with. This
-overrides the digest algorithm specified in the configuration file.
-This option is ignored for DSA requests: they always use SHA1.
+this specifies the message digest to sign the request with (such as
+B<-md5>, B<-sha1>). This overrides the digest algorithm specified in
+the configuration file.
+
+Some public key algorithms may override this choice. For instance, DSA
+signatures always use SHA1, GOST R 34.10 signatures always use
+GOST R 34.11-94 (B<-md_gost94>).

 =item B<-config filename>

@@ -239,6 +273,15 @@ B<option> argument can be a single option or multiple options separated by
 commas.  Alternatively the B<-nameopt> switch may be used more than once to
 set multiple options. See the L<x509(1)|x509(1)> manual page for details.

+=item B<-reqopt>
+
+customise the output format used with B<-text>. The B<option> argument can be
+a single option or multiple options separated by commas. 
+
+See discission of the  B<-certopt> parameter in the L<B<x509>|x509(1)>
+command.
+
+
 =item B<-asn1-kludge>

 by default the B<req> command outputs certificate requests containing
@@ -254,6 +297,10 @@ B<SET OF> whereas the correct form does.

 It should be noted that very few CAs still require the use of this option.

+=item B<-no-asn1-kludge>
+
+Reverses effect of B<-asn1-kludge>
+
 =item B<-newhdr>

 Adds the word B<NEW> to the PEM file header and footer lines on the outputed
@@ -269,11 +316,16 @@ print extra details about the operations being performed.

 =item B<-engine id>

-specifying an engine (by it's unique B<id> string) will cause B<req>
+specifying an engine (by its unique B<id> string) will cause B<req>
 to attempt to obtain a functional reference to the specified engine,
 thus initialising it if needed. The engine will then be set as the default
 for all available algorithms.

+=item B<-keygen_engine id>
+
+specifies an engine (by its unique B<id> string) which would be used
+for key generation operations.
+
 =back

 =head1 CONFIGURATION FILE FORMAT
--- a/doc/apps/rsa.pod
+++ b/doc/apps/rsa.pod
@@ -120,7 +120,7 @@ the input is a public key.

 =item B<-engine id>

-specifying an engine (by it's unique B<id> string) will cause B<req>
+specifying an engine (by its unique B<id> string) will cause B<rsa>
 to attempt to obtain a functional reference to the specified engine,
 thus initialising it if needed. The engine will then be set as the default
 for all available algorithms.
--- a/doc/apps/s_client.pod
+++ b/doc/apps/s_client.pod
@@ -101,6 +101,11 @@ also used when building the client certificate chain.
 A file containing trusted certificates to use during server authentication
 and to use when attempting to build the client certificate chain.

+=item B<-purpose, -ignore_critical, -issuer_checks, -crl_check, -crl_check_all, -policy_check, -extended_crl, -x509_strict, -policy>
+
+Set various certificate chain valiadition option. See the
+L<B<verify>|verify(1)> manual page for details.
+
 =item B<-reconnect>

 reconnects to the same server 5 times using the same session ID, this can
@@ -219,7 +224,7 @@ connection from this session.

 =item B<-engine id>

-specifying an engine (by it's unique B<id> string) will cause B<s_client>
+specifying an engine (by its unique B<id> string) will cause B<s_client>
 to attempt to obtain a functional reference to the specified engine,
 thus initialising it if needed. The engine will then be set as the default
 for all available algorithms.
--- a/doc/apps/s_server.pod
+++ b/doc/apps/s_server.pod
@@ -256,7 +256,7 @@ are part of the HTTP response line and headers must end with CRLF).

 =item B<-engine id>

-specifying an engine (by it's unique B<id> string) will cause B<s_server>
+specifying an engine (by its unique B<id> string) will cause B<s_server>
 to attempt to obtain a functional reference to the specified engine,
 thus initialising it if needed. The engine will then be set as the default
 for all available algorithms.
--- a/doc/apps/smime.pod
+++ b/doc/apps/smime.pod
@@ -13,17 +13,7 @@ B<openssl> B<smime>
 [B<-resign>]
 [B<-verify>]
 [B<-pk7out>]
-[B<-des>]
-[B<-des3>]
-[B<-rc2-40>]
-[B<-rc2-64>]
-[B<-rc2-128>]
-[B<-aes128>]
-[B<-aes192>]
-[B<-aes256>]
-[B<-camellia128>]
-[B<-camellia192>]
-[B<-camellia256>]
+[B<-[cipher]>]
 [B<-in file>]
 [B<-certfile file>]
 [B<-signer file>]
@@ -161,13 +151,13 @@ to each certificate.
 digest algorithm to use when signing or resigning. If not present then the
 default digest algorithm for the signing key will be used (usually SHA1).

-=item B<-des -des3 -rc2-40 -rc2-64 -rc2-128 -aes128 -aes192 -aes256 -camellia128 -camellia192 -camellia256>
+=item B<-[cipher]>

-the encryption algorithm to use. DES (56 bits), triple DES (168 bits), 40, 64
-or 128 bit RC2, 128, 192 or 256 bit AES, or 128, 192 or 256 bit Camellia
-respectively. Any other cipher name (as recognized by the
+the encryption algorithm to use. For example DES  (56 bits) - B<-des>,
+triple DES (168 bits) - B<-des3>,
 EVP_get_cipherbyname() function) can also be used preceded by a dash, for 
-example B<-aes_128_cbc>.
+example B<-aes_128_cbc>. See L<B<enc>|enc(1)> for list of ciphers
+supported by your version of OpenSSL.

 If not specified 40 bit RC2 is used. Only used with B<-encrypt>.

@@ -269,6 +259,11 @@ portion of a message so they may be included manually. If signing
 then many S/MIME mail clients check the signers certificate's email
 address matches that specified in the From: address.

+=item B<-purpose, -ignore_critical, -issuer_checks, -crl_check, -crl_check_all, -policy_check, -extended_crl, -x509_strict, -policy>
+
+Set various options of certificate chain verification. See
+L<B<verify>|verify(1)> manual page for details.
+
 =back

 =head1 NOTES
--- a/doc/apps/speed.pod
+++ b/doc/apps/speed.pod
@@ -44,7 +44,7 @@ This command is used to test the performance of cryptographic algorithms.

 =item B<-engine id>

-specifying an engine (by it's unique B<id> string) will cause B<speed>
+specifying an engine (by its unique B<id> string) will cause B<speed>
 to attempt to obtain a functional reference to the specified engine,
 thus initialising it if needed. The engine will then be set as the default
 for all available algorithms.
--- a/doc/apps/spkac.pod
+++ b/doc/apps/spkac.pod
@@ -81,7 +81,7 @@ verifies the digital signature on the supplied SPKAC.

 =item B<-engine id>

-specifying an engine (by it's unique B<id> string) will cause B<req>
+specifying an engine (by its unique B<id> string) will cause B<spkac>
 to attempt to obtain a functional reference to the specified engine,
 thus initialising it if needed. The engine will then be set as the default
 for all available algorithms.
--- a/doc/apps/ts.pod
+++ b/doc/apps/ts.pod
@@ -265,7 +265,7 @@ instead of DER. (Optional)

 =item B<-engine> id

-Specifying an engine (by it's unique B<id> string) will cause B<ts>
+Specifying an engine (by its unique B<id> string) will cause B<ts>
 to attempt to obtain a functional reference to the specified engine,
 thus initialising it if needed. The engine will then be set as the default
 for all available algorithms. Default is builtin. (Optional)
--- a/doc/apps/verify.pod
+++ b/doc/apps/verify.pod
@@ -10,6 +10,18 @@ B<openssl> B<verify>
 [B<-CApath directory>]
 [B<-CAfile file>]
 [B<-purpose purpose>]
+[B<-policy arg>]
+[B<-ignore_critical>]
+[B<-crl_check>]
+[B<-crl_check_all>]
+[B<-policy_check>]
+[B<-explicit_policy>]
+[B<-inhibit_any>]
+[B<-inhibit_map>]
+[B<-x509_strict>]
+[B<-extended_crl>]
+[B<-use_deltas>]
+[B<-policy_print>]
 [B<-untrusted file>]
 [B<-help>]
 [B<-issuer_checks>]
@@ -66,6 +78,63 @@ certificate was rejected. However the presence of rejection messages
 does not itself imply that anything is wrong: during the normal
 verify process several rejections may take place.

+=item B<-policy arg>
+
+Enable policy processing and add B<arg> to the user-initial-policy-set
+(see RFC3280 et al). The policy B<arg> can be an object name an OID in numeric
+form. This argument can appear more than once.
+
+=item B<-policy_check>
+
+Enables certificate policy processing.
+
+=item B<-explicit_policy>
+
+Set policy variable require-explicit-policy (see RFC3280 et al).
+
+=item B<-inhibit_any>
+
+Set policy variable inhibit-any-policy (see RFC3280 et al).
+
+=item B<-inhibit_map>
+
+Set policy variable inhibit-policy-mapping (see RFC3280 et al).
+
+=item B<-policy_print>
+
+Print out diagnostics, related to policy checking
+
+=item B<-crl_check>
+
+Checks end entity certificate validity by attempting to lookup a valid CRL.
+If a valid CRL cannot be found an error occurs. 
+
+=item B<-crl_check_all>
+
+Checks the validity of B<all> certificates in the chain by attempting
+to lookup valid CRLs.
+
+=item B<-ignore_critical>
+
+Normally if an unhandled critical extension is present which is not
+supported by OpenSSL the certificate is rejected (as required by
+RFC3280 et al). If this option is set critical extensions are
+ignored.
+
+=item B<-x509_strict>
+
+Disable workarounds for broken certificates which have to be disabled
+for strict X.509 compliance.
+
+=item B<-extended_crl>
+
+Enable extended CRL features such as indirect CRLs and alternate CRL
+signing keys.
+
+=item B<-use_deltas>
+
+Enable support for delta CRLs.
+
 =item B<->

 marks the last option. All arguments following this are assumed to be
--- a/doc/apps/x509.pod
+++ b/doc/apps/x509.pod
@@ -23,6 +23,7 @@ B<openssl> B<x509>
 [B<-issuer>]
 [B<-nameopt option>]
 [B<-email>]
+[B<-ocsp_uri>]
 [B<-startdate>]
 [B<-enddate>]
 [B<-purpose>]
@@ -103,7 +104,7 @@ then this option has no effect: SHA1 is always used with DSA keys.

 =item B<-engine id>

-specifying an engine (by it's unique B<id> string) will cause B<req>
+specifying an engine (by its unique B<id> string) will cause B<x509>
 to attempt to obtain a functional reference to the specified engine,
 thus initialising it if needed. The engine will then be set as the default
 for all available algorithms.
@@ -176,6 +177,10 @@ set multiple options. See the B<NAME OPTIONS> section for more information.

 outputs the email address(es) if any.

+=item B<-ocsp_uri>
+
+outputs the OCSP responder address(es) if any.
+
 =item B<-startdate>

 prints out the start date of the certificate, that is the notBefore date.
--- a/doc/crypto/BIO_s_mem.pod
+++ b/doc/crypto/BIO_s_mem.pod
@@ -74,7 +74,7 @@ Writes to memory BIOs will always succeed if memory is available: that is
 their size can grow indefinitely.

 Every read from a read write memory BIO will remove the data just read with
-an internal copy operation, if a BIO contains a lots of data and it is
+an internal copy operation, if a BIO contains a lot of data and it is
 read in small chunks the operation can be very slow. The use of a read only
 memory BIO avoids this problem. If the BIO must be read write then adding
 a buffering BIO to the chain will speed up the process.
--- a/doc/crypto/SSLeay_version.pod
+++ b/doc/crypto/SSLeay_version.pod
@@ -1,74 +0,0 @@
-=pod
-
-=head1 NAME
-
-SSLeay_version - retrieve version/build information about OpenSSL library
-
-=head1 SYNOPSIS
-
- #include <openssl/crypto.h>
-
- const char *SSLeay_version(int type);
-
-=head1 DESCRIPTION
-
-SSLeay_version() returns a pointer to a constant string describing the
-version of the OpenSSL library or giving information about the library
-build.
-
-The following B<type> values are supported:
-
-=over 4
-
-=item SSLEAY_VERSION
-
-The version of the OpenSSL library including the release date.
-
-=item SSLEAY_CFLAGS
-
-The compiler flags set for the compilation process in the form
-"compiler: ..."  if available or "compiler: information not available"
-otherwise.
-
-=item SSLEAY_BUILT_ON
-
-The date of the build process in the form "built on: ..." if available
-or "built on: date not available" otherwise.
-
-=item SSLEAY_PLATFORM
-
-The "Configure" target of the library build in the form "platform: ..."
-if available or "platform: information not available" otherwise.
-
-=item SSLEAY_DIR
-
-The "OPENSSLDIR" setting of the library build in the form "OPENSSLDIR: "...""
-if available or "OPENSSLDIR: N/A" otherwise.
-
-=back
-
-=head1 RETURN VALUES
-
-The following return values can occur:
-
-=over 4
-
-=item "not available"
-
-An invalid value for B<type> was given.
-
-=item Pointer to constant string
-
-Textual description.
-
-=back
-
-=head1 SEE ALSO
-
-L<crypto(3)|crypto(3)>
-
-=head1 HISTORY
-
-B<SSLEAY_DIR> was added in OpenSSL 0.9.7.
-
-=cut
--- a/doc/crypto/d2i_RSAPublicKey.pod
+++ b/doc/crypto/d2i_RSAPublicKey.pod
@@ -11,21 +11,21 @@ d2i_Netscape_RSA - RSA public and private key encoding functions.
 #include <openssl/rsa.h>
 #include <openssl/x509.h>

- RSA * d2i_RSAPublicKey(RSA **a, unsigned char **pp, long length);
+ RSA * d2i_RSAPublicKey(RSA **a, const unsigned char **pp, long length);

 int i2d_RSAPublicKey(RSA *a, unsigned char **pp);

- RSA * d2i_RSA_PUBKEY(RSA **a, unsigned char **pp, long length);
+ RSA * d2i_RSA_PUBKEY(RSA **a, const unsigned char **pp, long length);

 int i2d_RSA_PUBKEY(RSA *a, unsigned char **pp);

- RSA * d2i_RSAPrivateKey(RSA **a, unsigned char **pp, long length);
+ RSA * d2i_RSAPrivateKey(RSA **a, const unsigned char **pp, long length);

 int i2d_RSAPrivateKey(RSA *a, unsigned char **pp);

 int i2d_Netscape_RSA(RSA *a, unsigned char **pp, int (*cb)());

- RSA * d2i_Netscape_RSA(RSA **a, unsigned char **pp, long length, int (*cb)());
+ RSA * d2i_Netscape_RSA(RSA **a, const unsigned char **pp, long length, int (*cb)());

 =head1 DESCRIPTION

--- a/doc/ssleay.txt
+++ b/doc/ssleay.txt
@@ -20,7 +20,7 @@ don't do that.
 ==== readme ========================================================

 This is the old 0.6.6 docuementation.  Most of the cipher stuff is still
-relevent but I'm working (very slowly) on new docuemtation.
+relevent but I'm working (very slowly) on new documentation.
 The current version can be found online at

 http://www.cryptsoft.com/ssleay/doc
@@ -548,8 +548,8 @@ application, ssleay.  This one program is composed of many programs that
 can all be compiled independantly.

 ssleay has 3 modes of operation.
-1) If the ssleay binaray has the name of one of its component programs, it
-executes that program and then exits.  This can be achieve by using hard or
+1) If the ssleay binary has the name of one of its component programs, it
+executes that program and then exits.  This can be achieved by using hard or
 symbolic links, or failing that, just renaming the binary.
 2) If the first argument to ssleay is the name of one of the component
 programs, that program runs that program and then exits.
@@ -1185,7 +1185,7 @@ typedef struct bio_st
 	example is for BIO_s_sock().  A socket needs to be 
 	assigned to the BIO before it can be used.
 -	'shutdown', this flag indicates if the underlying 
-	comunication primative being used should be closed/freed 
+	communication primitive being used should be closed/freed 
 	when the BIO is closed.
 -	'flags' is used to hold extra state.  It is primarily used 
 	to hold information about why a non-blocking operation 
@@ -1799,7 +1799,7 @@ int BN_set_word(BIGNUM *a, unsigned long w);

 unsigned long BN_get_word(BIGNUM *a);
 	Returns 'a' in an unsigned long.  Not remarkably, often 'a' will
-	be biger than a word, in which case 0xffffffffL is returned.
+	be bigger than a word, in which case 0xffffffffL is returned.

 Word Operations
 These functions are much more efficient that the normal bignum arithmetic
@@ -2058,7 +2058,7 @@ Now you will notice that macros like
                PEM_ASN1_write((int (*)())i2d_X509,PEM_STRING_X509,fp, \
 		                        (char *)x, NULL,NULL,0,NULL)
 Don't do encryption normally.  If you want to PEM encrypt your X509 structure,
-either just call PEM_ASN1_write directly or just define you own
+either just call PEM_ASN1_write directly or just define your own
 macro variant.  As you can see, this macro just sets all encryption related
 parameters to NULL.

@@ -5566,7 +5566,7 @@ These 2 functions create and destroy SSL_CTX structures

 The SSL_CTX has a session_cache_mode which is by default,
 in SSL_SESS_CACHE_SERVER mode.  What this means is that the library
-will automatically add new session-id's to the cache apon sucsessful
+will automatically add new session-id's to the cache upon successful
 SSL_accept() calls.
 If SSL_SESS_CACHE_CLIENT is set, then client certificates are also added
 to the cache.
@@ -5580,12 +5580,12 @@ SSL_SESS_NO_CACHE_BOTH	- Either SSL_accept() or SSL_connect().
 If SSL_SESS_CACHE_NO_AUTO_CLEAR is set, old timed out sessions are
 not automatically removed each 255, SSL_connect()s or SSL_accept()s.

-By default, apon every 255 successful SSL_connect() or SSL_accept()s,
+By default, upon every 255 successful SSL_connect() or SSL_accept()s,
 the cache is flush.  Please note that this could be expensive on
 a heavily loaded SSL server, in which case, turn this off and
 clear the cache of old entries 'manually' (with one of the functions
 listed below) every few hours.  Perhaps I should up this number, it is hard
-to say.  Remember, the '255' new calls is just a mechanims to get called
+to say.  Remember, the '255' new calls is just a mechanism to get called
 every now and then, in theory at most 255 new session-id's will have been
 added but if 100 are added every minute, you would still have
 500 in the cache before any would start being flushed (assuming a 3 minute
@@ -5628,10 +5628,10 @@ if copy is 1.  Otherwise, the reference count is not modified.
 void SSL_CTX_sess_set_get_cb(ctx,cb) sets the callback and
 int (*cb)()SSL_CTX_sess_get_get_cb(ctx) returns the callback.

-These callbacks are basically indended to be used by processes to
+These callbacks are basically intended to be used by processes to
 send their session-id's to other processes.  I currently have not implemented
-non-blocking semantics for these callbacks, it is upto the appication
-to make the callbacks effiecent if they require blocking (perhaps
+non-blocking semantics for these callbacks, it is upto the application
+to make the callbacks efficient if they require blocking (perhaps
 by 'saving' them and then 'posting them' when control returns from
 the SSL_accept().

@@ -6589,7 +6589,7 @@ This information can be used to recall the functions when the 'error'
 condition has dissapeared.

 After the connection has been made, information can be retrived about the
-SSL session and the session-id values that have been decided apon.
+SSL session and the session-id values that have been decided upon.
 The 'peer' certificate can be retrieved.

 The session-id values include
--- a/e_os.h
+++ b/e_os.h
@@ -112,7 +112,7 @@ extern "C" {
 /********************************************************************
 The Microsoft section
 ********************************************************************/
-/* The following is used becaue of the small stack in some
+/* The following is used because of the small stack in some
 * Microsoft operating systems */
 #if defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYSNAME_WIN32)
 #  define MS_STATIC	static
@@ -275,14 +275,14 @@ extern "C" {
 #    if !defined(OPENSSL_NO_SOCK) && defined(_WIN32_WINNT)
       /*
        * Just like defining _WIN32_WINNT including winsock2.h implies
-        * certain "discipline" for maintaing [broad] binary compatibility.
+        * certain "discipline" for maintaining [broad] binary compatibility.
        * As long as structures are invariant among Winsock versions,
        * it's sufficient to check for specific Winsock2 API availability
        * at run-time [DSO_global_lookup is recommended]...
        */
 #      include <winsock2.h>
 #      include <ws2tcpip.h>
-       /* yes, they have to be #included prior <windows.h> */
+       /* yes, they have to be #included prior to <windows.h> */
 #    endif
 #    include <windows.h>
 #    include <stdio.h>
@@ -372,7 +372,7 @@ static unsigned int _strlen31(const char *str)
 #    define DEFAULT_HOME  "C:"
 #  endif

-#else /* The non-microsoft world world */
+#else /* The non-microsoft world */

 #  ifdef OPENSSL_SYS_VMS
 #    define VMS 1
--- a/e_os2.h
+++ b/e_os2.h
@@ -262,7 +262,7 @@ extern "C" {
 #define OPENSSL_EXTERN OPENSSL_IMPORT

 /* Macros to allow global variables to be reached through function calls when
-   required (if a shared library version requvres it, for example.
+   required (if a shared library version requires it, for example.
   The way it's done allows definitions like this:

 	// in foobar.c
--- a/engines/ccgost/Makefile
+++ b/engines/ccgost/Makefile
@@ -55,7 +55,7 @@ install:
 			esac; \
 			cp $${pfx}$(LIBNAME)$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/lib/engines/$${pfx}$(LIBNAME)$$sfx.new; \
 		else \
-			sfx="so"; \
+			sfx=".so"; \
 			cp cyg$(LIBNAME).dll $(INSTALL_PREFIX)$(INSTALLTOP)/lib/engines/$${pfx}$(LIBNAME)$$sfx.new; \
 		fi; \
 		chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/engines/$${pfx}$(LIBNAME)$$sfx.new; \
--- a/engines/ccgost/e_gost_err.c
+++ b/engines/ccgost/e_gost_err.c
@@ -86,6 +86,7 @@ static ERR_STRING_DATA GOST_str_functs[]=
 {ERR_FUNC(GOST_F_GOST_DO_SIGN),	"GOST_DO_SIGN"},
 {ERR_FUNC(GOST_F_GOST_DO_VERIFY),	"GOST_DO_VERIFY"},
 {ERR_FUNC(GOST_F_GOST_IMIT_CTRL),	"GOST_IMIT_CTRL"},
+{ERR_FUNC(GOST_F_GOST_IMIT_FINAL),	"GOST_IMIT_FINAL"},
 {ERR_FUNC(GOST_F_GOST_IMIT_UPDATE),	"GOST_IMIT_UPDATE"},
 {ERR_FUNC(GOST_F_PARAM_COPY_GOST01),	"PARAM_COPY_GOST01"},
 {ERR_FUNC(GOST_F_PARAM_COPY_GOST94),	"PARAM_COPY_GOST94"},
--- a/engines/ccgost/e_gost_err.h
+++ b/engines/ccgost/e_gost_err.h
@@ -87,6 +87,7 @@ void ERR_GOST_error(int function, int reason, char *file, int line);
 #define GOST_F_GOST_DO_SIGN				 112
 #define GOST_F_GOST_DO_VERIFY				 113
 #define GOST_F_GOST_IMIT_CTRL				 114
+#define GOST_F_GOST_IMIT_FINAL				 140
 #define GOST_F_GOST_IMIT_UPDATE				 115
 #define GOST_F_PARAM_COPY_GOST01			 116
 #define GOST_F_PARAM_COPY_GOST94			 117
--- a/engines/ccgost/gost94_keyx.c
+++ b/engines/ccgost/gost94_keyx.c
@@ -25,7 +25,7 @@

 /* Computes Diffie-Hellman key and stores it into buffer in
 * little-endian byte order as expected by both versions of GOST 94
- * algorigthm
+ * algorithm
 */
 static int compute_pair_key_le(unsigned char *pair_key,BIGNUM *pub_key,DH *dh) 
 	{
--- a/engines/ccgost/gost_crypt.c
+++ b/engines/ccgost/gost_crypt.c
@@ -550,7 +550,10 @@ int gost_imit_update(EVP_MD_CTX *ctx, const void *data, size_t count)
 int gost_imit_final(EVP_MD_CTX *ctx,unsigned char *md)
 	{
 	struct ossl_gost_imit_ctx *c = ctx->md_data;
-	if (!c->key_set) return 0;
+	if (!c->key_set) {
+		GOSTerr(GOST_F_GOST_IMIT_FINAL, GOST_R_MAC_KEY_NOT_SET);
+		return 0;
+	}
 	if (c->bytes_left)
 		{
 		int i;
--- a/engines/ccgost/gost_sign.c
+++ b/engines/ccgost/gost_sign.c
@@ -3,7 +3,7 @@
 *             Copyright (c) 2005-2006 Cryptocom LTD                  *
 *         This file is distributed under the same license as OpenSSL *
 *                                                                    *
- *       Implementation of GOST R 34.10-94 signature algoritgthm      *
+ *       Implementation of GOST R 34.10-94 signature algorithm        *
 *       for OpenSSL                                                  *
 *          Requires OpenSSL 0.9.9 for compilation                    *
 **********************************************************************/
--- a/ms/README
+++ b/ms/README
@@ -4,7 +4,7 @@ to build with visual C++ 4.[01].

 The results will be in the out directory.

-These makefiles and def files were generated my typing
+These makefiles and def files were generated by typing

 perl util\mk1mf.pl VC-NT >ms/nt.mak
 perl util\mk1mf.pl VC-NT dll >ms/ntdll.mak
--- a/openssl.spec
+++ b/openssl.spec
@@ -1,6 +1,6 @@
-%define libmaj 0
-%define libmin 9
-%define librel 9
+%define libmaj 1
+%define libmin 0
+%define librel 0
 #%define librev a
 Release: 1

@@ -8,8 +8,8 @@ Release: 1

 Summary: Secure Sockets Layer and cryptography libraries and tools
 Name: openssl
-#Version: %{libmaj}.%{libmin}.%{librel}
-Version: %{libmaj}.%{libmin}.%{librel}%{librev}
+Version: %{libmaj}.%{libmin}.%{librel}
+#Version: %{libmaj}.%{libmin}.%{librel}%{librev}
 Source0: ftp://ftp.openssl.org/source/%{name}-%{version}.tar.gz
 Copyright: Freely distributable
 Group: System Environment/Libraries
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Dr. Stephen Henson	d8faad27b7	Fix RFC num.	2009-04-21 15:42:01 +00:00
Dr. Stephen Henson	dab7075946	Update STATUS.	2009-04-21 15:19:15 +00:00
Dr. Stephen Henson	dfc8e96daa	Fix warning.	2009-04-21 15:11:59 +00:00
Dr. Stephen Henson	71d3eaf358	make update.	2009-04-21 15:02:20 +00:00
Dr. Stephen Henson	ef6b25be63	Beta 2 preparation.	2009-04-21 14:58:57 +00:00
Dr. Stephen Henson	b452f43322	PR: 1751 Submitted by: David Woodhouse <dwmw2@infradead.org> Approved by: steve@openssl.org Compatibility patches for Cisco VPN client DTLS.	2009-04-19 18:03:13 +00:00
Dr. Stephen Henson	52891f832f	Fix error header files and error files too.	2009-04-19 17:58:01 +00:00
Dr. Stephen Henson	9990cb75c1	PR: 1894 Submitted by: Ger Hobbelt <ger@hobbelt.com> Approved by: steve@openssl.org Fix various typos and stuff.	2009-04-16 17:22:51 +00:00
Dr. Stephen Henson	a5cc69c7ae	PR: 1900 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Approved by: steve@openssl.org Remove unnecessary included header file.	2009-04-16 16:42:02 +00:00
Dr. Stephen Henson	0b4b8ba64e	PR: 1895 Submitted by: Ger Hobbelt <ger@hobbelt.com> Approved by: steve@openssl.org Updates to mkerr.pl script.	2009-04-15 15:16:29 +00:00
Dr. Stephen Henson	268e78c305	PR: 1899 Submitted by: Ger Hobbelt <ger@hobbelt.com> Approved by: steve@openssl.org Check for <= 0 when verifying CRL issuers.	2009-04-15 15:07:09 +00:00
Dr. Stephen Henson	c900a78c99	PR: 1828 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Approved by: steve@openssl.org Updated DTLS Rentransmission bug patch.	2009-04-15 14:49:36 +00:00
Dr. Stephen Henson	46ffb2dc97	PR #1828 reverted: state save/restore incompatible with 1.0.0-stable.	2009-04-14 15:29:34 +00:00
Dr. Stephen Henson	10acacb3bf	Fix typo and stop WIN32 warnings.	2009-04-14 15:13:35 +00:00
Dr. Stephen Henson	aab790a656	PR: 1829 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Approved by: steve@openssl.org DTLS Timer Bug fix.	2009-04-14 14:33:12 +00:00
Dr. Stephen Henson	1319aad994	PR: 1647 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Approved by: steve@openssl.org Update patch for PR#1647.	2009-04-14 14:22:26 +00:00
Dr. Stephen Henson	3c0ce01cea	PR: 1827 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Approved by: steve@openssl.org Updated patch for PR #1827	2009-04-14 14:20:57 +00:00
Dr. Stephen Henson	9fcbefebdb	PR: 1828 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Approved by: steve@openssl.org Update from 0.9.8-stable.	2009-04-14 14:19:46 +00:00
Dr. Stephen Henson	017d2a887f	PR: 1838 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Approved by: steve@openssl.org Updated patch from 0.9.8-stable.	2009-04-14 14:18:16 +00:00
Dr. Stephen Henson	0416482605	Make update.	2009-04-13 11:40:00 +00:00
Dr. Stephen Henson	0f17424918	PR: 1786 Submitted by: Ger Hobbelt <ger@hobbelt.com> Approved by: steve@openssl.org Add missing IMPLEMENT.	2009-04-13 11:36:19 +00:00
Dr. Stephen Henson	55ed10db21	PR: 1785 Submitted by: Ger Hobbelt <ger@hobbelt.com> Approved by: steve@openssl.org Properly handle malloc failure.	2009-04-13 11:31:22 +00:00
Dr. Stephen Henson	3877b6bfe9	PR: 1896 Submitted by: Ger Hobbelt <ger@hobbelt.com> Approved by: steve@openssl.org Remove double sk_*_free() definition and add missing definition to mkstack.pl	2009-04-13 11:26:31 +00:00
Dr. Stephen Henson	a0f32454b6	PR: 1898 Submitted by: Ger Hobbelt <ger@hobbelt.com> Approved by: steve@openssl.org Include correct headers in selftest.pl generated code.	2009-04-13 11:22:55 +00:00
Dr. Stephen Henson	6fda4d7e5d	PR: 1887 Submitted by: "Victor B. Wagner" <vitus@cryptocom.ru> Approved by: steve@openssl.org Document/clarify use of some options and include details of GOST algorihthm usage.	2009-04-10 16:42:28 +00:00
Dr. Stephen Henson	36a252ea46	Typo.	2009-04-10 11:35:31 +00:00
Dr. Stephen Henson	a31a195246	PR: 1887 (part, modified) Submitted by: "Victor B. Wagner" <vitus@cryptocom.ru> Approved by: steve@openssl.org Use correct command names in -engine description and fix typo.	2009-04-10 11:25:54 +00:00
Dr. Stephen Henson	5f590d2218	PR: 1887 (part) Submitted by: "Victor B. Wagner" <vitus@cryptocom.ru> Approved by: steve@openssl.org Added error codes for ccgost.	2009-04-10 11:07:35 +00:00
Dr. Stephen Henson	791b7bc715	Fix usage messages and lookup digests later in req command. (part of PR #1887)	2009-04-10 11:00:12 +00:00
Dr. Stephen Henson	19ae090787	Print out registered digest names in dgst utility instead of hard coding them. Modify EVP_MD_do_all() to include registered digest name. This is a modified version of part of PR#1887.	2009-04-10 10:30:27 +00:00
Dr. Stephen Henson	db3076621b	PR: 1892 Fix memory leak when email:move option used.	2009-04-08 15:58:07 +00:00
Dr. Stephen Henson	9ae5743515	Disable SSLv2 cipher suites by default and avoid SSLv2 compatible client hello if no SSLv2 cipher suites are included. This effectively disables the broken SSLv2 use by default.	2009-04-07 17:01:07 +00:00
Dr. Stephen Henson	c184b140df	Update from 0.9.8-stable.	2009-04-07 16:30:32 +00:00
Dr. Stephen Henson	9d80aa7e3f	Update from 0.9.8-stable	2009-04-07 12:10:59 +00:00
Dr. Stephen Henson	15671a90a9	PR: 1677 Submitted by: Vennemann <rvennemann@cool.ms> Approved by: steve@openssl.org Call RSA_new() after ENGINE has been set up.	2009-04-06 21:42:11 +00:00
Dr. Stephen Henson	0048464449	Use basename of objxref.pl not whole path in generated header.	2009-04-06 16:16:23 +00:00
Dr. Stephen Henson	b422166ce0	Updates from HEAD.	2009-04-06 16:02:51 +00:00
Dr. Stephen Henson	81be661ae2	PR: 1626 Submitted by: Cerutti Pietro <pietro.cerutti@bfh.ch> Fix manual page.	2009-04-06 15:16:41 +00:00
Dr. Stephen Henson	8681c66eec	PR: 1890 Submitted by: "Green, Paul" <Paul.Green@stratus.com> Approved by: steve@openssl.org Fixes to --with-zlib-include and --with-zlib-lib and init PRNG for VOS.	2009-04-06 14:31:36 +00:00
Dr. Stephen Henson	69a0034e50	PR: 1899 Submitted by: Doug Kaufman <dkaufman@rahul.net> Approved by: steve@openssl.org Mingw fixes.	2009-04-06 14:25:02 +00:00
Dr. Stephen Henson	c9a1778134	Fix error codes.	2009-04-05 11:54:34 +00:00
Dr. Stephen Henson	326794e9c6	Change default openssl.cnf to only use issuer+serial option in AKID if no SKID.	2009-04-04 18:09:43 +00:00
Dr. Stephen Henson	2dd5ca1fbc	Make no-ssl2 work including on Win32 builds.	2009-04-04 17:57:34 +00:00
Ben Laurie	3042945ac8	Fix warning.	2009-04-04 13:39:48 +00:00
Dr. Stephen Henson	da29b0d335	Fix for VC++ 6 which chokes on the empty argument.	2009-04-04 11:44:48 +00:00
Dr. Stephen Henson	6abbc68188	PR: 1870 Submitted by: kilroy <kilroy@mail.zutom.sk> Approved by: steve@openssl.org Handle pkcs12 format correctly by not assuming PEM format straight away.	2009-04-03 17:06:35 +00:00
Dr. Stephen Henson	25f6c7fd8b	Update from 0.9.8-stable.	2009-04-03 16:54:37 +00:00
Dr. Stephen Henson	1cf3571ea4	PR: 1888 Submitted by: Tim Rice <tim@multitalents.net> Approved by: steve@openssl.org Allow SOCKLEN_T type to be overridden at config time e.g. ./config -DSOCKLEN_T=int	2009-04-03 16:44:40 +00:00
Dr. Stephen Henson	d769e7a58c	PR: 1613 Submitted by: "Jean Rebiffe" <jrebiffe@gmail.com> Approved by: steve@openssl.org Free section.	2009-04-03 16:21:01 +00:00
Dr. Stephen Henson	fa3619f233	Update version info, fix typo.	2009-04-03 11:50:59 +00:00
Dr. Stephen Henson	a414cbcad3	Update from 0.9.8-stable.	2009-04-03 11:37:47 +00:00
Dr. Stephen Henson	c6196da587	Update from 0.9.8-stable.	2009-04-02 22:28:52 +00:00
Dr. Stephen Henson	5d48762647	Make PKCS12_parse() handle some PKCS#12 files which have their own ideas about settings for local key id...	2009-04-02 17:44:50 +00:00
Dr. Stephen Henson	77e749405d	Fix demo program.	2009-04-02 17:39:25 +00:00
Dr. Stephen Henson	9ccd4e224f	Add USE_SOCKETS.	2009-04-02 15:19:03 +00:00
Dr. Stephen Henson	1dad4f3672	PR: 1882 Submitted by: Corinna Vinschen <vinschen@redhat.com> Approved by: steve@openssl.org Typo.	2009-04-02 15:04:01 +00:00
Dr. Stephen Henson	59745556b4	Add another one...	2009-04-01 15:22:00 +00:00
Dr. Stephen Henson	fab4447179	PR: 1880 Document -ocsp_uri command line switch to x509 utility.	2009-04-01 15:06:28 +00:00
Dr. Stephen Henson	417b8d4705	PR:1880 Load config in ts utility.	2009-04-01 14:59:18 +00:00
Dr. Stephen Henson	e614ec4769	Update README.	2009-04-01 08:57:37 +00:00
Dr. Stephen Henson	a6b03f4138	Make update fixing duplicate ASN1 error codes.	2009-04-01 08:55:54 +00:00
Dr. Stephen Henson	809fa4cc59	Update for first beta.	2009-04-01 08:47:28 +00:00
Dr. Stephen Henson	463f448595	Win32 build fixes.	2009-03-31 22:04:25 +00:00
Dr. Stephen Henson	5cd0cf8cce	Fix other read call too.	2009-03-31 21:57:26 +00:00
Dr. Stephen Henson	49cb959494	Use OPENSSL_SYS_WIN32 instead of _WIN32	2009-03-31 21:45:29 +00:00
Dr. Stephen Henson	783a73c47f	Oops.	2009-03-31 21:39:54 +00:00
Dr. Stephen Henson	99bf516908	Add update from 0.9.8-stable branch.	2009-03-31 21:35:55 +00:00
Dr. Stephen Henson	a26c372cfc	Fix shlib version.	2009-03-31 21:21:42 +00:00
Dr. Stephen Henson	ed5ac22e5b	Correct version.	2009-03-31 21:19:17 +00:00
cvs2svn	3d11b8f896	This commit was manufactured by cvs2svn to create branch 'OpenSSL_1_0_0-stable'.	2009-03-31 19:54:52 +00:00